A1 Journal article (refereed)
Hypervisor memory acquisition for ARM (2021)
Ben Yehuda, R., Shlingbaum, E., Gershfeld, Y., Tayouri, S., & Zaidenberg, N. J. (2021). Hypervisor memory acquisition for ARM. Forensic Science International: Digital Investigation, 37, Article 301106. https://doi.org/10.1016/j.fsidi.2020.301106
Publication details
All authors or editors: Ben Yehuda, Raz; Shlingbaum, Erez; Gershfeld, Yuval; Tayouri, Shaked; Zaidenberg, Nezer Jacob
Journal or series: Forensic Science International: Digital Investigation
ISSN: 2666-2817
eISSN: 2666-2817
Publication year: 2021
Volume: 37
Article number: 301106
Publisher: Elsevier
Publication country: United Kingdom
Publication language: English
DOI: https://doi.org/10.1016/j.fsidi.2020.301106
Publication open access: Not open
Abstract
Cyber forensics use memory acquisition in advanced forensics and malware analysis. We propose a hypervisor-based memory acquisition tool. Our implementation extends the Volatility memory forensics framework by reducing the processor's consumption, solves the incoherency problem in the memory snapshots and mitigates the pressure of the acquisition on the network and the disk. We provide benchmarks and evaluation.
Keywords: data security; malware; forensic criminal investigation; memories (computing); virtualisation; Linux
Free keywords: real time; ARM; hypervisor; virtualization; Linux
Ministry reporting: Yes
Reporting Year: 2021
JUFO rating: 1