Hypervisor-assisted Atomic Memory Acquisition in Modern Systems

@inproceedings{Kiperberg2019HypervisorassistedAM,
  title={Hypervisor-assisted Atomic Memory Acquisition in Modern Systems},
  author={Michael Kiperberg and R. Leon and A. Resh and Asaf Algawi and N. Zaidenberg},
  booktitle={ICISSP},
  year={2019}
}
  • Michael Kiperberg, R. Leon, +2 authors N. Zaidenberg
  • Published in ICISSP 2019
  • Computer Science
    • Reliable memory acquisition is essential to forensic analysis of a cyber-crime. Various methods of memory acquisition have been proposed, ranging from tools based on a dedicated hardware to software only solutions. Recently, a hypervisor-based method for memory acquisition was proposed (Qi et al., 2017; Martignoni et al., 2010). This method obtains a reliable (atomic) memory image of a running system. The method achieves this by making all memory pages non-writable until they are copied to the… CONTINUE READING
    View via Publisher
    scitepress.org
    5 Citations
    Background Citations
    2
    Methods Citations
    1

    Figures, Tables, and Topics from this paper

    Figures and Tables

    Explore Further: Topics Discussed in This Paper

    5 Citations
    Citation Type

    Citation Type

    Hypervisor Memory Introspection and Hypervisor Based Malware Honeypot
    HyperLeech: Stealthy System Virtualization with Minimal Target Impact through DMA-Based Hypervisor Injection
    • PDF
    Protection against reverse engineering in ARM
    • 4
    • PDF
    Efficient Protection for VDI Workstations
    Information Systems Security and Privacy: 5th International Conference, ICISSP 2019, Prague, Czech Republic, February 23-25, 2019, Revised Selected Papers

    References

    SHOWING 1-10 OF 24 REFERENCES
    When hardware meets software: a bulletproof solution to forensic memory acquisition
    • 38
    • PDF
    A hardware-based memory acquisition procedure for digital investigations
    • 203
    • PDF
    Live Memory Acquisition through FireWire
    • 9
    ForenVisor: A Tool for Acquiring and Preserving Reliable Data in Cloud Live Forensics
    • 21
    • Highly Influential
    • PDF
    BitVisor: a thin hypervisor for enforcing i/o device security
    • 169
    • PDF
    SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
    • 658
    • PDF
    Live and Trustworthy Forensic Analysis of Commodity Production Systems
    • 54
    • Highly Influential
    • PDF
    Jump over ASLR: Attacking branch predictors to bypass ASLR
    • 154
    • PDF
    Remote Attestation of Software and Execution-Environment in Modern Machines
    • 11
    Linux on Cell Broadband Engine status update 21 Arnd Bergmann Linux Kernel Debugging on Google-sized clusters 29
    • 21
    • PDF