Hypervisor memory acquisition for ARM
| Autor: | Shaked Tayouri, Nezer Jacob Zaidenberg, Yuval Gershfeld, Erez Shlingbaum, Raz Ben Yehuda |
|---|---|
| Rok vydání: | 2021 |
| Předmět: |
Hardware_MEMORYSTRUCTURES
Computer science Hypervisor computer.software_genre Memory forensics Computer Science Applications Pathology and Forensic Medicine Medical Laboratory Technology Data_FILES Operating system Memory acquisition Volatility (finance) Malware analysis Law computer Information Systems |
| Zdroj: | Forensic Science International: Digital Investigation. 37:301106 |
| ISSN: | 2666-2817 |
| DOI: | 10.1016/j.fsidi.2020.301106 |
| Popis: | Cyber forensics use memory acquisition in advanced forensics and malware analysis. We propose a hypervisor based memory acquisition tool. Our implementation extends the volatility memory forensics framework by reducing the processor's consumption, solves the in-coherency problem in the memory snapshots and mitigates the pressure of the acquisition on the network and the disk. We provide benchmarks and evaluation. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|
Full Text from ScienceDirect