@inproceedings{073ed74a0abd4691a354deec4e0ef6f5,
title = "Hypervisor Memory Introspection and Hypervisor Based Malware Honeypot",
abstract = "Memory acquisition is a tool used in advanced forensics and malware analysis. Various methods of memory acquisition exist. Such solutions are ranging from tools based on dedicated hardware to software-only solutions. We proposed a hypervisor based memory acquisition tool. [22]. Our method supports ASLR and Modern operating systems which is an innovation compared to past methods [27, 36]. We extend the hypervisor assisted memory acquisition by adding mass storage device honeypots for the malware to cross and propose hiding the hypervisor using bluepill technology.",
keywords = "Atomicity, Forensic soundness, Integrity of a memory snapshot, Live forensics, Memory acquisition, Memory forensics, Reliability, Virtualization",
author = "Zaidenberg, \{Nezer Jacob\} and Michael Kiperberg and Yehuda, \{Raz Ben\} and Roee Leon and Asaf Algawi and Amit Resh",
note = "Publisher Copyright: {\textcopyright} 2020, Springer Nature Switzerland AG.; 5th International Conference on Information Systems Security and Privacy, ICISSP 2019 ; Conference date: 23-02-2019 Through 25-02-2019",
year = "2020",
doi = "10.1007/978-3-030-49443-8\_15",
language = "אנגלית",
isbn = "9783030494421",
series = "Communications in Computer and Information Science",
pages = "317--334",
editor = "Paolo Mori and Steven Furnell and Olivier Camp",
booktitle = "Information Systems Security and Privacy - 5th International Conference, ICISSP 2019, Revised Selected Papers",
}