Hypervisor memory acquisition for ARM

Raz Ben Yehuda; Erez Shlingbaum; Yuval Gershfeld; Shaked Tayouri; Nezer Jacob Zaidenberg

doi:10.1016/j.fsidi.2020.301106

Hypervisor memory acquisition for ARM

Raz Ben Yehuda
, Erez Shlingbaum
, Yuval Gershfeld
, Shaked Tayouri
, Nezer Jacob Zaidenberg

نتاج البحث: نشر في مجلة › مقالة › مراجعة النظراء

6 اقتباسات (Scopus)

ملخص

Cyber forensics use memory acquisition in advanced forensics and malware analysis. We propose a hypervisor based memory acquisition tool. Our implementation extends the volatility memory forensics framework by reducing the processor's consumption, solves the in-coherency problem in the memory snapshots and mitigates the pressure of the acquisition on the network and the disk. We provide benchmarks and evaluation.

اللغة الأصلية	الإنجليزيّة
رقم المقال	301106
دورية	Forensic Science International: Digital Investigation
مستوى الصوت	37
المعرِّفات الرقمية للأشياء	https://doi.org/10.1016/j.fsidi.2020.301106
حالة النشر	نُشِر - يونيو 2021
منشور خارجيًا	نعم

الوصول إلى المستند

10.1016/j.fsidi.2020.301106

الملفات والروابط الأخرى

Link to publication in Scopus

قم بذكر هذا

@article{2064bf76ad514a9f8b6b21946030db55,

title = "Hypervisor memory acquisition for ARM",

abstract = "Cyber forensics use memory acquisition in advanced forensics and malware analysis. We propose a hypervisor based memory acquisition tool. Our implementation extends the volatility memory forensics framework by reducing the processor's consumption, solves the in-coherency problem in the memory snapshots and mitigates the pressure of the acquisition on the network and the disk. We provide benchmarks and evaluation.",

keywords = "ARM, Hypervisor, Linux, Real time, Virtualization",

author = "Yehuda, \{Raz Ben\} and Erez Shlingbaum and Yuval Gershfeld and Shaked Tayouri and Zaidenberg, \{Nezer Jacob\}",

note = "Publisher Copyright: {\textcopyright} 2021 Elsevier Ltd",

year = "2021",

month = jun,

doi = "10.1016/j.fsidi.2020.301106",

language = "אנגלית",

volume = "37",

journal = "Forensic Science International: Digital Investigation",

issn = "2666-2825",

publisher = "Elsevier Ltd.",

}

TY - JOUR

T1 - Hypervisor memory acquisition for ARM

AU - Yehuda, Raz Ben

AU - Shlingbaum, Erez

AU - Gershfeld, Yuval

AU - Tayouri, Shaked

AU - Zaidenberg, Nezer Jacob

PY - 2021/6

Y1 - 2021/6

N2 - Cyber forensics use memory acquisition in advanced forensics and malware analysis. We propose a hypervisor based memory acquisition tool. Our implementation extends the volatility memory forensics framework by reducing the processor's consumption, solves the in-coherency problem in the memory snapshots and mitigates the pressure of the acquisition on the network and the disk. We provide benchmarks and evaluation.

AB - Cyber forensics use memory acquisition in advanced forensics and malware analysis. We propose a hypervisor based memory acquisition tool. Our implementation extends the volatility memory forensics framework by reducing the processor's consumption, solves the in-coherency problem in the memory snapshots and mitigates the pressure of the acquisition on the network and the disk. We provide benchmarks and evaluation.

KW - ARM

KW - Hypervisor

KW - Linux

KW - Real time

KW - Virtualization

UR - https://www.scopus.com/pages/publications/85102968441

U2 - 10.1016/j.fsidi.2020.301106

DO - 10.1016/j.fsidi.2020.301106

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:85102968441

SN - 2666-2825

VL - 37

JO - Forensic Science International: Digital Investigation

JF - Forensic Science International: Digital Investigation

M1 - 301106

ER -

Hypervisor memory acquisition for ARM

ملخص

الوصول إلى المستند

الملفات والروابط الأخرى

بصمة

قم بذكر هذا