Traditional computer forensics approaches, which focus on persistent data, are limited by a number of technological developments, e.g., rapidly increasing storage capacities of hard drives, memory-resident malicious software, and the growing use of encryption routines, all of which make a timely investigation more and more difficult. To cope with these issues, security professionals have more recently started to examine alternative data sources and to emphasize the value of volatile system information in RAM. In this paper, we give an overview of the prevailing techniques and methods for collecting and analyzing a computer's memory. We describe the characteristics, benefits, and drawbacks of the individual solutions and outline opportunities for future research in this evolving field of IT security.