Hypervisor-assisted Atomic Memory Acquisition in Modern Systems

@inproceedings{Kiperberg2019HypervisorassistedAM,
  title={Hypervisor-assisted Atomic Memory Acquisition in Modern Systems},
  author={Michael Kiperberg and R. Leon and A. Resh and Asaf Algawi and N. Zaidenberg},
  booktitle={ICISSP},
  year={2019}
}
  • Michael Kiperberg, R. Leon, A. Resh, Asaf Algawi, N. Zaidenberg
  • Published in ICISSP 2019
  • Computer Science
  • Reliable memory acquisition is essential to forensic analysis of a cyber-crime. Various methods of memory acquisition have been proposed, ranging from tools based on dedicated hardware to software-only solutions. Recently, a hypervisor-based method for memory acquisition was proposed (Qi et al., 2017; Martignoni et al., 2010). This method obtains a reliable (atomic) memory image of a running system. The method achieves this by making all memory pages non-writable until they are copied to the…
    5 Citations

    Protection against reverse engineering in ARM
    Efficient Protection for VDI Workstations

    References

    • When hardware meets software: a bulletproof solution to forensic memory acquisition
    • A hardware-based memory acquisition procedure for digital investigations
    • Live Memory Acquisition through FireWire
    • ForenVisor: A Tool for Acquiring and Preserving Reliable Data in Cloud Live Forensics
    • BitVisor: a thin hypervisor for enforcing i/o device security
    • SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
    • Live and Trustworthy Forensic Analysis of Commodity Production Systems
    • Jump over ASLR: Attacking branch predictors to bypass ASLR
    • Remote Attestation of Software and Execution-Environment in Modern Machines