We present the Forensic Analysis ToolKit (FATKit), a modular, extensible framework that increases the practical applicability of volatile memory forensic analysis by freeing human analysts from the prohibitively tedious aspects of low-level data extraction. FATKit allows analysts to focus on higher-level tasks by providing novel methods for automatically deriving digital object definitions from C source code, extracting those objects from memory images, and visualizing the underlying data in various ways. FATKit presently includes modules for general virtual address space reconstruction and visualization, as well as Linux- and Windows-specific kernel analysis.