The Reincarnation of Virtual Machines
Queue - Virtual Machines
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Detecting Stealth Software with Strider GhostBuster
DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Detecting past and present intrusions through vulnerability-specific predicates
Proceedings of the twentieth ACM symposium on Operating systems principles
Manitou: a layer-below approach to fighting malware
Proceedings of the 1st workshop on Architectural and system support for improving software dependability
Antfarm: tracking processes in a virtual machine environment
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
VMM-based hidden process detection and identification using Lycosid
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Cyber attack modeling and simulation for network security analysis
Proceedings of the 39th conference on Winter simulation: 40 years! The best is yet to come
Forensics examination of volatile system data using virtual introspection
ACM SIGOPS Operating Systems Review
Lares: An Architecture for Secure Active Monitoring Using Virtualization
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Virtual Machine Introspection: Observation or Interference?
IEEE Security and Privacy
Hypervisor support for identifying covertly executing binaries
SS'08 Proceedings of the 17th conference on Security symposium
Live Analysis: Progress and Challenges
Computing in Science and Engineering
A virtual integrated network emulator on XEN (viNEX)
Proceedings of the 2nd International Conference on Simulation Tools and Techniques
Simulating cyber-attacks for fun and profit
Proceedings of the 2nd International Conference on Simulation Tools and Techniques
SpringSim '09 Proceedings of the 2009 Spring Simulation Multiconference
Enhancing realistic hands-on network training in a virtual environment
SpringSim '09 Proceedings of the 2009 Spring Simulation Multiconference
A formal model for virtual machine introspection
Proceedings of the 1st ACM workshop on Virtual machine security
Windows Forensic Analysis DVD Toolkit, Second Edition
Windows Forensic Analysis DVD Toolkit, Second Edition
| Hi-index | 0.00 |
Static memory analysis has been proven a valuable technique for digital forensics. However, the memory capture technique halts the system causing the loss of important dynamic system data. As a result, live analysis techniques have emerged to complement static analysis. In this paper, a compiled memory analysis tool for virtualization (CMAT-V) is presented as a virtual machine introspection (VMI) utility to conduct live analysis during simulated cyber attacks. CMAT-V leverages static memory dump analysis techniques to provide live system state awareness. CMAT-V parses an arbitrary memory dump from a simulated guest operating system (OS) to extract user information, network usage, active process information and registry files. Unlike some VMI applications, CMAT-V bridges the semantic gap using derivation techniques. This provides increased operating system compatibility for current and future operating systems. This research demonstrates the usefulness of CMAT-V as a situational awareness tool during simulated cyber attacks and measures the overall performance of CMAT-V.