A4 Article in conference proceedings
Hypervisor Memory Introspection and Hypervisor Based Malware Honeypot (2020)


Zaidenberg, Nezer Jacob; Kiperberg, Michael; Yehuda, Raz Ben; Leon, Roee; Algawi, Asaf; Resh, Amit (2020). Hypervisor Memory Introspection and Hypervisor Based Malware Honeypot. In Mori, Paolo; Furnell, Steven; Camp, Olivier (Eds.) ICISSP 2019 : 5th International Conference on Information Systems Security and Privacy, Revised Selected Papers, Communications in Computer and Information Science, 1221. Cham: Springer, 317-334. DOI: 10.1007/978-3-030-49443-8_15


Publication details

All authors or editors: Zaidenberg, Nezer Jacob; Kiperberg, Michael; Yehuda, Raz Ben; Leon, Roee; Algawi, Asaf; Resh, Amit

Parent publication: ICISSP 2019 : 5th International Conference on Information Systems Security and Privacy, Revised Selected Papers

Parent publication editors: Mori, Paolo; Furnell, Steven; Camp, Olivier

Place and date of conference: Prague, Czech Republic, 23.-25.2.2019

ISBN: 978-3-030-49442-1

eISBN: 978-3-030-49443-8

Journal or series: Communications in Computer and Information Science

ISSN: 1865-0929

eISSN: 1865-0937

Publication year: 2020

Number in series: 1221

Pages range: 317-334

Number of pages in the book: 427

Publisher: Springer

Place of Publication: Cham

Publication country: Switzerland

Publication language: English

DOI: http://doi.org/10.1007/978-3-030-49443-8_15

Open Access: Publication channel is not openly available


Abstract

Memory acquisition is a tool used in advanced forensics and malware analysis. Various methods of memory acquisition exist, ranging from tools based on dedicated hardware to software-only solutions. We propose a hypervisor-based memory acquisition tool. Our method supports ASLR and modern operating systems, which is an innovation compared to past methods. We extend hypervisor-assisted memory acquisition by adding mass storage device honeypots for the malware to cross, and propose hiding the hypervisor using bluepill technology.


Keywords: data security; malware; memories (computing); virtualisation

Free keywords: live forensics; memory forensics; memory acquisition; virtualization; reliability; atomicity; integrity of a memory snapshot; forensic soundness


Ministry reporting: Yes


Last updated on 2020-14-08 at 15:58