U.S. flag

An official website of the United States government, Department of Justice.

Dot gov

The .gov means it’s official.
Federal government websites always use a .gov or .mil domain. Before sharing sensitive information online, make sure you’re on a .gov or .mil site by inspecting your browser’s address (or “location”) bar.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Trait Analytic Program Search (TAPS)

Award Information

Awardee
WetStone Technologies, Inc.
Award #
2007-DN-BX-K187
Location

Ithaca, NY

Congressional District
23
Status
Closed
Funding First Awarded
2007
Total funding (to date)
$167,991
Original Solicitation
NIJ FY 07 Electronic Crime and Digital Evidence Recovery: Invited Full Proposals

Description of original award (Fiscal Year 2007, $68,000)

This project will aid computer forensic investigators and examiners by developing a tool or set of tools to detect malicious software that is used to perform Steganography or data hiding functions without the use of hash-based searches for specific files. Examining programs in their disk-resident, static form, the Trait Analytic Program Search (TAPS) compares files to known models of steganographic programs and attempts to determine if a given executable file is malicious.

ca/ncf

This Phase II proposal expands upon the identification of steganography programs accomplished in Phase I and broadens the research to examine new methods of detecting polymorphic and metamorphic forms of malicious code. The goal of this effort is to develop a software-based forensic tool that will identify running software (through the analysis of memory snapshots) that contains contents or exhibits behavior consistent with polymorphic and/or metamorphic code. The rationale for the examination of memory snapshots is that both polymorphic and metamorphic forms of malware are most vulnerable when executing in memory.

This project contributes to the reduction of crime laboratory backlogs for computer evidence by increasing the speed and accuracy with which malware can be identified.

nca/ncf

Date Created: September 11, 2007

Similar Awards