Sean Williams
After stopping the decryption process, attempt to determine the malware family and automatically decrypt the encrypted files. Maybe place the attempted decrypted files in a staging directory for the user...
The current mode of operation is to write to cryptostalker's stdout when malware is detected. It'd be nice to alert the user in a way that they'll actually notice!
cryptostalker currently detects new files and reads them from the filesystem in their entirety in order to determine randomness. We should stop doing this in favor of reading in smaller...
After stopping the process (or on Windows, before killing it), iterate over the process' memory maps and open files to detect known signatures of key material, e.g. "-----BEGIN RSA PRIVATE...
Need the username as well