GView: A Versatile Assistant for Security Researchers

Cyber security attacks have become increasingly complex over time, with various phases of their kill chain, involving binaries, scripts, documents, executed commands, vulnerabilities, or network traffic. We propose a tool, GView, that is designed to investigate possible attacks by providing guided analysis for various file types using automatic artifact identification, extraction, coherent correlation &,inference, and meaningful & intuitive views at different levels of granularity w.r.t. revealed information. The concept behind GView simplifies navigation through all payloads in a complex attack, streamlining the process for security researchers, and Increasing the quality of analysis. GView is generic in the sense it supports a variety of file types and has multiple visualization modes that can be automatically adjusted for each file type alone. Our evaluation shows that GView significantly improves the analysis time of an attack compared to conventional tools used in forensics.