Hypervisor memory acquisition for ARM

Raz Ben Yehuda; Erez Shlingbaum; Yuval Gershfeld; Shaked Tayouri; Nezer Jacob Zaidenberg

doi:10.1016/j.fsidi.2020.301106

Hypervisor memory acquisition for ARM

Raz Ben Yehuda
, Erez Shlingbaum
, Yuval Gershfeld
, Shaked Tayouri
, Nezer Jacob Zaidenberg

פרסום מחקרי: פרסום בכתב עת › מאמר › ביקורת עמיתים

6 ציטוטים ‏(Scopus)

תקציר

Cyber forensics use memory acquisition in advanced forensics and malware analysis. We propose a hypervisor based memory acquisition tool. Our implementation extends the volatility memory forensics framework by reducing the processor's consumption, solves the in-coherency problem in the memory snapshots and mitigates the pressure of the acquisition on the network and the disk. We provide benchmarks and evaluation.

שפה מקורית	אנגלית
מספר המאמר	301106
כתב עת	Forensic Science International: Digital Investigation
כרך	37
מזהי עצם דיגיטלי (DOIs)	https://doi.org/10.1016/j.fsidi.2020.301106
סטטוס פרסום	פורסם - יוני 2021
פורסם באופן חיצוני	כן

גישה למסמך

10.1016/j.fsidi.2020.301106

קבצים וקישורים אחרים

Link to publication in Scopus

פורמט ציטוט ביבליוגרפי

@article{2064bf76ad514a9f8b6b21946030db55,

title = "Hypervisor memory acquisition for ARM",

abstract = "Cyber forensics use memory acquisition in advanced forensics and malware analysis. We propose a hypervisor based memory acquisition tool. Our implementation extends the volatility memory forensics framework by reducing the processor's consumption, solves the in-coherency problem in the memory snapshots and mitigates the pressure of the acquisition on the network and the disk. We provide benchmarks and evaluation.",

keywords = "ARM, Hypervisor, Linux, Real time, Virtualization",

author = "Yehuda, \{Raz Ben\} and Erez Shlingbaum and Yuval Gershfeld and Shaked Tayouri and Zaidenberg, \{Nezer Jacob\}",

note = "Publisher Copyright: {\textcopyright} 2021 Elsevier Ltd",

year = "2021",

month = jun,

doi = "10.1016/j.fsidi.2020.301106",

language = "אנגלית",

volume = "37",

journal = "Forensic Science International: Digital Investigation",

issn = "2666-2825",

publisher = "Elsevier Ltd.",

}

TY - JOUR

T1 - Hypervisor memory acquisition for ARM

AU - Yehuda, Raz Ben

AU - Shlingbaum, Erez

AU - Gershfeld, Yuval

AU - Tayouri, Shaked

AU - Zaidenberg, Nezer Jacob

PY - 2021/6

Y1 - 2021/6

N2 - Cyber forensics use memory acquisition in advanced forensics and malware analysis. We propose a hypervisor based memory acquisition tool. Our implementation extends the volatility memory forensics framework by reducing the processor's consumption, solves the in-coherency problem in the memory snapshots and mitigates the pressure of the acquisition on the network and the disk. We provide benchmarks and evaluation.

AB - Cyber forensics use memory acquisition in advanced forensics and malware analysis. We propose a hypervisor based memory acquisition tool. Our implementation extends the volatility memory forensics framework by reducing the processor's consumption, solves the in-coherency problem in the memory snapshots and mitigates the pressure of the acquisition on the network and the disk. We provide benchmarks and evaluation.

KW - ARM

KW - Hypervisor

KW - Linux

KW - Real time

KW - Virtualization

UR - https://www.scopus.com/pages/publications/85102968441

U2 - 10.1016/j.fsidi.2020.301106

DO - 10.1016/j.fsidi.2020.301106

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:85102968441

SN - 2666-2825

VL - 37

JO - Forensic Science International: Digital Investigation

JF - Forensic Science International: Digital Investigation

M1 - 301106

ER -

Hypervisor memory acquisition for ARM

תקציר

גישה למסמך

קבצים וקישורים אחרים

טביעת אצבע

פורמט ציטוט ביבליוגרפי