CR · Jul 17, 2017

Digital Investigation of PDF Files: Unveiling Traces of Embedded Malware

arXiv:1707.05102v1 · 41 citations
Originality: Synthesis-oriented
AI Analysis

This work addresses PDF malware detection for cybersecurity professionals. It is a survey rather than a new contribution: it reviews existing attack techniques and analysis tools without introducing new detection methods.

The paper provides an overview of attack techniques for PDF malware and discusses state-of-the-art analysis tools for digital forensic investigations, highlighting that PDF malware remains a major cybersecurity threat despite existing efforts.

Over the last decade, malicious software (or malware, for short) has shown an increasing sophistication and proliferation, fueled by a flourishing underground economy, in response to the increasing complexity of modern defense mechanisms. PDF documents are among the major vectors used to convey malware, thanks to the flexibility of their structure and the ability to embed different kinds of content, ranging from images to JavaScript code. Despite the numerous efforts made by the research and industrial communities, PDF malware is still one of the major threats in the cyber-security landscape. In this paper, we provide an overview of the current attack techniques used to convey PDF malware, and discuss state-of-the-art PDF malware analysis tools that provide valuable support to digital forensic investigations. We finally discuss limitations and open issues of the current defense mechanisms, and sketch some interesting future research directions.
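As an added example (not code from the paper or from any of the tools it surveys), the following Python scanner shows the kind of structural triage that keyword-counting tools in the pdfid family perform, and why two common evasions matter for forensic review: the scanner resolves hex-escaped names (/J#61vaScript) and inflates FlateDecode streams before counting, because a plain grep over the file misses both. The sample PDF, the keyword list and the function names are assumptions constructed for illustration; the sample is not a real-world specimen.

```python
"""Structural triage of a PDF: count suspicious names in object dictionaries
and inside inflated FlateDecode streams.  Added example; the sample document
built by build_sample_pdf() is constructed here, not a real-world specimen."""
import re
import zlib
from collections import Counter

# Names that pdfid-style triage flags: code execution, automatic actions,
# embedded payloads and containers that can hide other objects (assumed list).
SUSPICIOUS = ("JS", "JavaScript", "OpenAction", "AA", "Launch",
              "EmbeddedFile", "RichMedia", "ObjStm", "XFA")

_KEYWORD = re.compile(
    rb"/(" + b"|".join(k.encode() for k in SUSPICIOUS) + rb")(?![A-Za-z])")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.S)


def normalize_names(data: bytes) -> bytes:
    """Resolve hex escapes in PDF names (/J#61vaScript -> /JavaScript).
    Matching raw bytes without this step is defeated by trivial obfuscation."""
    return _HEX_ESCAPE.sub(lambda m: bytes.fromhex(m.group(1).decode()), data)


def inflate_streams(data: bytes) -> list[bytes]:
    """Inflate every stream body that parses as zlib (FlateDecode) data.
    decompressobj is used so that a truncated checksum still yields bytes;
    streams that are not zlib at all (images, raw fonts) are skipped."""
    inflated = []
    for m in _STREAM.finditer(data):
        try:
            inflated.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue
    return inflated


def scan_pdf(data: bytes) -> dict:
    """Count suspicious names in the object structure and in inflated streams."""
    # Cut stream bodies out of the structure so compressed bytes cannot
    # produce accidental matches; they are scanned separately after inflation.
    structure = _STREAM.sub(b"stream\nendstream", data)
    counts = Counter()
    for name in _KEYWORD.findall(normalize_names(structure)):
        counts["/" + name.decode()] += 1
    streams = inflate_streams(data)
    for body in streams:
        for name in _KEYWORD.findall(normalize_names(body)):
            counts["/" + name.decode()] += 1
    return {"keywords": dict(counts), "inflated_streams": len(streams)}


def build_sample_pdf() -> bytes:
    """Constructed sample: the catalog's /OpenAction fires a JavaScript action
    whose /S name is hex-escaped and whose script is deflated; a deflated
    object stream hides a /Launch action.  A plain grep sees neither name."""
    script = zlib.compress(b"app.alert('constructed sample payload');")
    hidden = zlib.compress(b"7 0 << /S /L#61unch /F (cmd.exe) >>")
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R >>",
        b"<< /S /J#61vaScript /JS 5 0 R >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n%s\nendstream"
        % (len(script), script),
        b"<< /Type /ObjStm /N 1 /First 4 /Length %d /Filter /FlateDecode >>"
        b"\nstream\n%s\nendstream" % (len(hidden), hidden),
    ]
    pdf = b"%PDF-1.7\n"
    for num, obj in enumerate(objects, 1):
        pdf += b"%d 0 obj\n%s\nendobj\n" % (num, obj)
    # Minimal file with no xref table; keyword triage does not need one.
    return pdf + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    for key, value in scan_pdf(build_sample_pdf()).items():
        print(key, value)
```

Keyword counts of this kind are a triage signal, not a verdict: /OpenAction plus /JavaScript in a one-page document is worth a closer look, but a benign form can legitimately carry /AcroForm and /JS. A forensic workflow would follow up by extracting the referenced objects and analysing the script itself.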
