We present MemScrimper, a novel methodology to compress memory dumps of malware sandboxes. MemScrimper is built on the observation that sandboxes always start at the same system state (i.e., a sandbox snapshot) to analyze malware. Therefore, memory dumps taken after malware execution inside the same sandbox are substantially similar to each other, which we can use to only store the differences introduced by the malware itself. Technically, we compare the pages of those memory dumps against the pages of a reference memory dump taken from the same sandbox and then deduplicate identical or similar pages accordingly. MemScrimper increases data compression ratios by up to 3894.74% compared to standard compression utilities such as 7zip, ...
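The core idea in the abstract above (split a dump into pages, compare each page with a reference dump taken from the same sandbox snapshot, and store only what the malware changed) is small enough to show end to end. The block below is an added illustration, not MemScrimper's code, and it makes its own simplifying assumptions: 4 KiB pages, a record format of our own (same-offset match, match against a reference page elsewhere via a hash index, or an XOR delta against the same-offset reference page as a stand-in for the paper's handling of "similar" pages), equal-sized dumps because both come from one snapshot, and constructed sample dumps built from seeded random data.

```python
import hashlib
import random
import struct
import zlib
from typing import Dict, List, Tuple

PAGE_SIZE = 4096  # assumption: x86 small-page granularity

# Per-page record tags in our own encoded stream (not MemScrimper's format).
TAG_SAME = 0  # identical to the reference page at the same offset
TAG_REF = 1   # identical to a reference page at another offset; 4-byte index follows
TAG_DIFF = 2  # changed page; XOR against the same-offset reference page follows


def split_pages(buf: bytes) -> List[bytes]:
    if len(buf) % PAGE_SIZE:
        raise ValueError("dump is not a whole number of pages")
    return [buf[i:i + PAGE_SIZE] for i in range(0, len(buf), PAGE_SIZE)]


def build_reference_index(reference: bytes) -> Dict[bytes, int]:
    """SHA-256 of every reference page -> first page index where it occurs."""
    index: Dict[bytes, int] = {}
    for i, page in enumerate(split_pages(reference)):
        index.setdefault(hashlib.sha256(page).digest(), i)
    return index


def xor_pages(a: bytes, b: bytes) -> bytes:
    return (int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).to_bytes(PAGE_SIZE, "big")


def encode_dump(reference: bytes, target: bytes) -> bytes:
    """Encode `target` as page-level differences against `reference`, then zlib-compress."""
    ref_pages, tgt_pages = split_pages(reference), split_pages(target)
    if len(ref_pages) != len(tgt_pages):
        raise ValueError("dumps from the same snapshot must have the same size")
    index = build_reference_index(reference)
    out = bytearray()
    for i, page in enumerate(tgt_pages):
        if page == ref_pages[i]:                      # untouched page: one byte
            out.append(TAG_SAME)
            continue
        j = index.get(hashlib.sha256(page).digest())
        if j is not None:                             # page moved/copied within memory
            out.append(TAG_REF)
            out += struct.pack("<I", j)
            continue
        out.append(TAG_DIFF)                          # partially changed page: XOR is mostly zeros
        out += xor_pages(page, ref_pages[i])
    return zlib.compress(bytes(out), 9)


def decode_dump(reference: bytes, blob: bytes) -> bytes:
    """Inverse of encode_dump; reconstructs the full target dump from the reference."""
    ref_pages = split_pages(reference)
    data = zlib.decompress(blob)
    out, pos, i = bytearray(), 0, 0
    while pos < len(data):
        tag, pos = data[pos], pos + 1
        if tag == TAG_SAME:
            out += ref_pages[i]
        elif tag == TAG_REF:
            (j,) = struct.unpack_from("<I", data, pos)
            pos += 4
            out += ref_pages[j]
        elif tag == TAG_DIFF:
            out += xor_pages(data[pos:pos + PAGE_SIZE], ref_pages[i])
            pos += PAGE_SIZE
        else:
            raise ValueError(f"bad record tag {tag} at page {i}")
        i += 1
    return bytes(out)


def make_sample_dumps(seed: int = 1, n_pages: int = 64) -> Tuple[bytes, bytes]:
    """Constructed test data: a random 'snapshot' and a copy with three malware-like edits."""
    rng = random.Random(seed)
    ref_pages = [rng.randbytes(PAGE_SIZE) for _ in range(n_pages)]
    tgt_pages = list(ref_pages)
    patched = bytearray(ref_pages[5])
    patched[100:116] = b"\x90" * 16           # small in-place patch (e.g. an inline hook)
    tgt_pages[5] = bytes(patched)
    tgt_pages[10] = ref_pages[3]              # an existing page copied elsewhere
    tgt_pages[20] = rng.randbytes(PAGE_SIZE)  # a freshly written page (new allocation)
    return b"".join(ref_pages), b"".join(tgt_pages)


def compression_gain(reference: bytes, target: bytes) -> float:
    """How much smaller the delta encoding is than plain zlib on the whole target dump."""
    return len(zlib.compress(target, 9)) / len(encode_dump(reference, target))
```

On the constructed dumps only the fully new page costs its full size; the patched page shrinks to a handful of bytes because its XOR delta is almost all zeros, and the copied page becomes a five-byte pointer. Real sandbox memory is far less random than this sample, so the absolute numbers differ, but the page-level structure of the savings is the same one the abstract describes.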
This paper investigates memory carving techniques for embedded devices. Given ...
Packing is a very popular technique for obfuscating programs, and malware in particular. In order to...
As hard disk encryption, RAM disks, persistent data avoidance technology and memory-only mal...
Lossless compression of memory dumps from virtual machines that run malware samples is considered wi...
In the realm of this computing age, malware is becoming steadily more prevalent. With the amount of ...
This paper presents the fusion of two subdomains of digital forensics: (1) raw memory analysis and (...
Increasingly complex malware continues to evade detection, stealing information, taking systems offl...
Memory forensics has become a powerful tool for the detection and analysis of malicious software. It...
The acquisition of volatile memory of running systems has become a prominent and essential procedure...
Malware is a major threat to the cyber world and the number of unique malware samples captured by an...
Malware brings significant threats to modern digitized society. Malware developers put in significan...
Volatile memory dump and its analysis is an essential part of digital forensics. Among a number of v...
The acquisition of volatile memory of running systems has become a prominent and essential procedure...
With the increasing prevalence and sophistication of malware, there is an urgent need for effective ...
Memory compression has been proposed and deployed in the past to grow the capacity of a mem...