6533b85bfe1ef96bd12bb354

RESEARCH PRODUCT

Hypervisor memory acquisition for ARM

Shaked TayouriNezer Jacob ZaidenbergYuval GershfeldErez ShlingbaumRaz Ben Yehuda

subject

Hardware_MEMORYSTRUCTURESComputer scienceHypervisorcomputer.software_genreMemory forensicsComputer Science ApplicationsPathology and Forensic MedicineMedical Laboratory TechnologyData_FILESOperating systemMemory acquisitionVolatility (finance)Malware analysisLawcomputerInformation Systems

description

Abstract Cyber forensics use memory acquisition in advanced forensics and malware analysis. We propose a hypervisor based memory acquisition tool. Our implementation extends the volatility memory forensics framework by reducing the processor's consumption, solves the in-coherency problem in the memory snapshots and mitigates the pressure of the acquisition on the network and the disk. We provide benchmarks and evaluation.

yearjournalcountryeditionlanguage
2021-06-01Forensic Science International: Digital Investigation
https://doi.org/10.1016/j.fsidi.2020.301106