Hypervisor-assisted Atomic Memory Acquisition in Modern Systems

Michael Kiperberg; Roee Leon; Amit Resh; Asaf Algawi; Nezer Zaidenberg

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

Hypervisor-assisted Atomic Memory Acquisition in Modern Systems

Topics: Intrusion Detection and Response; Security Frameworks, Architectures and Protocols

In Proceedings of the 5th International Conference on Information Systems Security and Privacy ICISSP - Volume 1, 155-162, 2019 , Prague, Czech Republic

Authors: Michael Kiperberg ¹ ; Roee Leon ² ; Amit Resh ³ ; Asaf Algawi ² and Nezer Zaidenberg ⁴

Affiliations: ¹ Faculty of Sciences, Holon Institute of Technology and Israel ; ² Department of Mathematical IT, University of Jyväskylä and Finland ; ³ School of Computer Engineering, Shenkar College of Engineering, Design and Art and Israel ; ⁴ School of Computer Sciences, The College of Management, Academic Studies and Israel

Keyword(s): Live Forensics, Memory Forensics, Memory Acquisition, Virtualization, Reliability, Atomicity, Integrity of a Memory Snapshot, Forensic Soundness.

Related Ontology Subjects/Areas/Topics: Internet Technology ; Intrusion Detection and Response ; Web Information Systems and Technologies

Abstract: Reliable memory acquisition is essential to forensic analysis of a cyber-crime. Various methods of memory acquisition have been proposed, ranging from tools based on a dedicated hardware to software only solutions. Recently, a hypervisor-based method for memory acquisition was proposed (Qi et al., 2017; Martignoni et al., 2010). This method obtains a reliable (atomic) memory image of a running system. The method achieves this by making all memory pages non-writable until they are copied to the memory image, thus preventing uncontrolled modification of these pages. Unfortunately, the proposed method has two deficiencies: (1) the method does not support multiprocessing and (2) the method does not support modern operating systems featuring address space layout randomization (ASLR). We describe a hypervisor-based memory acquisition method that solves the two aforementioned deficiencies. We analyze the memory usage and performance of the proposed method.

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 216.73.216.166

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Kiperberg, M., Leon, R., Resh, A., Algawi, A. and Zaidenberg, N. (2019). Hypervisor-assisted Atomic Memory Acquisition in Modern Systems. In Proceedings of the 5th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-359-9; ISSN 2184-4356, SciTePress, pages 155-162. DOI: 10.5220/0007566101550162

@conference{icissp19,
author={Michael Kiperberg and Roee Leon and Amit Resh and Asaf Algawi and Nezer Zaidenberg},
title={Hypervisor-assisted Atomic Memory Acquisition in Modern Systems},
booktitle={Proceedings of the 5th International Conference on Information Systems Security and Privacy - ICISSP},
year={2019},
pages={155-162},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007566101550162},
isbn={978-989-758-359-9},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 5th International Conference on Information Systems Security and Privacy - ICISSP
TI - Hypervisor-assisted Atomic Memory Acquisition in Modern Systems
SN - 978-989-758-359-9
IS - 2184-4356
AU - Kiperberg, M.
AU - Leon, R.
AU - Resh, A.
AU - Algawi, A.
AU - Zaidenberg, N.
PY - 2019
SP - 155
EP - 162
DO - 10.5220/0007566101550162
PB - SciTePress