With the growing complexity of computing systems, memory-based forensic techniques are becoming instrumental in digital investigations. Digital forensic examiners can unravel what happened on a system by acquiring and inspecting in-memory data. Meanwhile, attackers have developed numerous anti-forensic mechanisms to defeat existing memory forensic techniques by manipulating system software such as the OS kernel. To counter anti-forensic techniques, some recent research suggests that the memory acquisition process can be trusted if the acquisition module has not been tampered with and all operations are performed without relying on any untrusted software, including the operating system. However, in this paper, we show that it is possible ...
Caches pose a significant challenge to formal proofs of security for code executing on application p...
The address sequence on the processor-memory bus can reveal abundant information about the control o...
Part 2: Work in Progress. This paper presents an approach to prevent memory atta...
Memory forensics has become a powerful tool for the detection and analysis of malicious software. It...
Physical memory acquisition is a prerequisite when performing memory forensics, referring to a set o...
To a great degree, research in memory forensics concentrates on the acquisition and analysis...
The first step required to perform any analysis of a physical memory image is ...
In this paper we assess the impact of GPU-assisted malware on memory forensics. In particula...
Communication and whole-disk cryptosystems are on the verge of becoming mainstream tools for protect...
Increasingly complex malware continues to evade detection, stealing information, taking systems offl...
Modern systems rely on Address-Space Layout Randomization (ASLR) and Data Execution Prevention (DEP...
The acquisition of volatile memory of running systems has become a prominent and essential procedure...
With software becoming harder to compromise due to modern defenses, attackers are increasingly looki...
There is no doubt that malicious software (malware) is one of the most important threats in computer...
Reliable memory acquisition is essential to forensic analysis of a cyber-crime. Various methods of m...