A1 Journal article (refereed)
Hypervisor memory acquisition for ARM (2021)

Ben Yehuda, R., Shlingbaum, E., Gershfeld, Y., Tayouri, S., & Zaidenberg, N. J. (2021). Hypervisor memory acquisition for ARM. Forensic Science International: Digital Investigation, 37, Article 301106. https://doi.org/10.1016/j.fsidi.2020.301106

JYU authors or editors

Publication details

All authors or editors: Ben Yehuda, Raz; Shlingbaum, Erez; Gershfeld, Yuval; Tayouri, Shaked; Zaidenberg, Nezer Jacob

Journal or series: Forensic Science International: Digital Investigation

ISSN: 2666-2817

eISSN: 2666-2817

Publication year: 2021

Volume: 37

Article number: 301106

Publisher: Elsevier

Publication country: United Kingdom

Publication language: English

DOI: https://doi.org/10.1016/j.fsidi.2020.301106

Publication open access: Not open

Publication channel open access:


Cyber forensics use memory acquisition in advanced forensics and malware analysis. We propose a hypervisor based memory acquisition tool. Our implementation extends the volatility memory forensics framework by reducing the processor's consumption, solves the in-coherency problem in the memory snapshots and mitigates the pressure of the acquisition on the network and the disk. We provide benchmarks and evaluation.

Keywords: data security; malware; forensic criminal investigation; memories (computing); virtualisation; Linux

Free keywords: real time; ARM; hypervisor; virtualization; Linux

Contributing organizations

Ministry reporting: Yes

Reporting Year: 2021

JUFO rating: 1

Last updated on 2022-19-08 at 19:45