Hypervisor memory acquisition for ARM

Ben Yehuda, Raz; Shlingbaum, Erez; Gershfeld, Yuval; Tayouri, Shaked; Zaidenberg, Nezer Jacob

doi:10.1016/j.fsidi.2020.301106

acceptedVersion

Katso/Avaa

175.8 Kb

Lataukset:

Show download details Hide download details

Ben Yehuda, R., Shlingbaum, E., Gershfeld, Y., Tayouri, S., & Zaidenberg, N. J. (2021). Hypervisor memory acquisition for ARM. Forensic Science International: Digital Investigation, 37, Article 301106. https://doi.org/10.1016/j.fsidi.2020.301106

Julkaistu sarjassa

Forensic Science International: Digital Investigation

Tekijät

Ben Yehuda, Raz |

Shlingbaum, Erez |

Gershfeld, Yuval |

Tayouri, Shaked |

Zaidenberg, Nezer Jacob

Päivämäärä

2021

Tekijänoikeudet

Cyber forensics use memory acquisition in advanced forensics and malware analysis. We propose a hypervisor based memory acquisition tool. Our implementation extends the volatility memory forensics framework by reducing the processor's consumption, solves the in-coherency problem in the memory snapshots and mitigates the pressure of the acquisition on the network and the disk. We provide benchmarks and evaluation.

Julkaisija

Elsevier

ISSN Hae Julkaisufoorumista

2666-2817

Lisenssi

Ellei muuten mainita, aineiston lisenssi on CC BY-NC-ND 4.0