The aim of this module is to equip students with the tools and techniques needed to reverse engineer system failures or anomalous behaviour.
Given the complexity of cyber-physical systems, there will be occasions where a failure or anomalous behaviour needs to be explored in depth. For example, where it is suspected that a system has been infected with malware or that unauthorised changes have been made to the system, the digital artefacts (software, data, storage media, etc.) may need to be analysed. This module provides an engineer with an appreciation and practical experience of using specialist tools to investigate the operation or performance of a digital system.
There are situations where, rather than creating an executable program from source, the engineer may need to go in the opposite direction; i.e. to infer what the source code might look like by analysing the executable. Maybe you have some potential malware; maybe you have an executable for which you no longer have the source. Either way, you want to know what the program will do, were it to run on your system.
In order to reverse back from the executable to the original, you need to understand the typical idioms that an operating system, architecture and code generation programs will adopt to convert high level constructs into low level executables.
If the executable is malware, then it is likely the authors will have strewn this road you wish to reverse with obfuscating hazards. Under these circumstances you need to understand the typical idioms of obfuscation.
This module aims to develop the ability to reverse back from the detail of the executable instance to infer what the overall pattern of behaviour might be. In a similar manner, it develops the ability to reverse back from the detail of numerous individual network packets to infer what the overall pattern of traffic might represent.