A1 Journal article (refereed)
Hypervisor memory acquisition for ARM (2021)


Ben Yehuda, R., Shlingbaum, E., Gershfeld, Y., Tayouri, S., & Zaidenberg, N. J. (2021). Hypervisor memory acquisition for ARM. Forensic Science International: Digital Investigation, 37, Article 301106. https://doi.org/10.1016/j.fsidi.2020.301106




Publication details

All authors or editors: Ben Yehuda, Raz; Shlingbaum, Erez; Gershfeld, Yuval; Tayouri, Shaked; Zaidenberg, Nezer Jacob

Journal or series: Forensic Science International: Digital Investigation

ISSN: 2666-2817

eISSN: 2666-2817

Publication year: 2021

Volume: 37

Article number: 301106

Publisher: Elsevier

Publication country: United Kingdom

Publication language: English

DOI: https://doi.org/10.1016/j.fsidi.2020.301106

Publication open access: Not open



Abstract

Cyber forensics uses memory acquisition in advanced forensics and malware analysis. We propose a hypervisor-based memory acquisition tool. Our implementation extends the Volatility memory forensics framework by reducing the processor's consumption, solves the incoherency problem in the memory snapshots and mitigates the pressure of the acquisition on the network and the disk. We provide benchmarks and evaluation.


Keywords: data security; malware; forensic criminal investigation; memories (computing); virtualisation; Linux

Free keywords: real time; ARM; hypervisor; virtualization; Linux




Ministry reporting: Yes

Reporting Year: 2021

Preliminary JUFO rating: 1


Last updated on 2021-07-07 at 17:55