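% Kiperberg et al., ICISSP 2019: hypervisor-based atomic (forensically sound)
% memory acquisition. Per the abstract, the method write-protects pages until
% they are copied into the image, and extends earlier hypervisor-based work to
% multiprocessor systems and to operating systems that use ASLR.
% Cleanup of a portal export: brace-delimited values, "Last, First" names,
% language given as an ASCII babel name (the export carried the Hebrew word for
% "English"), and the series field dropped because it repeated booktitle
% verbatim and would print the proceedings title twice.
@inproceedings{ef862179700f4a5e957e6e8895412d7c,
  author    = {Kiperberg, Michael and Leon, Roee and Resh, Amit and Algawi, Asaf and Zaidenberg, Nezer},
  title     = {Hypervisor-assisted atomic memory acquisition in modern systems},
  booktitle = {{ICISSP} 2019 -- Proceedings of the 5th International Conference on Information Systems Security and Privacy},
  editor    = {Mori, Paolo and Furnell, Steven and Camp, Olivier},
  publisher = {Science and Technology Publications, Lda},
  pages     = {155--162},
  year      = {2019},
  doi       = {10.5220/0007566101550162},
  isbn      = {9789897583599},
  language  = {english},
  keywords  = {Atomicity, Forensic Soundness, Integrity of a Memory Snapshot, Live Forensics, Memory Acquisition, Memory Forensics, Reliability, Virtualization},
  abstract  = {Reliable memory acquisition is essential to forensic analysis of a cyber-crime. Various methods of memory acquisition have been proposed, ranging from tools based on a dedicated hardware to software only solutions. Recently, a hypervisor-based method for memory acquisition was proposed (Qi et al., 2017; Martignoni et al., 2010). This method obtains a reliable (atomic) memory image of a running system. The method achieves this by making all memory pages non-writable until they are copied to the memory image, thus preventing uncontrolled modification of these pages. Unfortunately, the proposed method has two deficiencies: (1) the method does not support multiprocessing and (2) the method does not support modern operating systems featuring address space layout randomization (ASLR). We describe a hypervisor-based memory acquisition method that solves the two aforementioned deficiencies. We analyze the memory usage and performance of the proposed method.},
  note      = {Publisher Copyright: {\textcopyright} 2019 by SCITEPRESS-Science and Technology Publications, Lda. All rights reserved.; 5th International Conference on Information Systems Security and Privacy, ICISSP 2019; Conference date: 23-02-2019 Through 25-02-2019},
}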