Cyber security attacks have become increasingly complex over time, with the various phases of their kill chain involving binaries, scripts, documents, executed commands, vulnerabilities, or network traffic. We propose a tool, GView, designed to investigate possible attacks by providing guided analysis for various file types using automatic artifact identification, extraction, coherent correlation and inference, and meaningful, intuitive views at different levels of granularity with respect to the revealed information. The concept behind GView simplifies navigation through all payloads in a complex attack, streamlining the process for security researchers and increasing the quality of analysis. GView is generic in the sense that it supports a variety of file types and has multiple visualization modes that can be automatically adjusted for each file type individually. Our evaluation shows that GView significantly improves the analysis time of an attack compared to conventional tools used in forensics.