This paper presents an intrusion surveillance framework that gives an analyst
the ability to investigate and monitor cyber-attacks covertly. Where
cyber-attacks are perpetrated for the purposes of espionage, the ability to
understand an adversary's techniques and objectives is an important element of
network and computer security. With the appropriate toolset, security
investigators could perform both live and stealthy counter-intelligence
operations by observing the behaviour and communications of the intruder. A
more complete picture of the attacker's identity, objectives, capabilities, and
degree of infiltration could then be formulated than is possible with present
technologies. This research focused on developing an extensible framework to
permit the covert investigation of malware. Additionally, a Universal Serial
Bus (USB) Mass Storage Device (MSD) based covert channel was designed to enable
remote command and control of the framework. The work was validated through the
design, implementation and testing of a toolset.

Comment: In Proceedings AIDP 2014, arXiv:1410.322