Digital forensics (DF) plays a significant role in accusing cyber criminals and proving them guilty. A criminal may, if possible, delete the evidence of the crime in order to deny her responsibility for it. As antivirus (AV) software becomes an essential security component, this paper studies the effect of the AV on digital evidence. The AV intercepts many system operations to check whether the data involved contain malicious content. This paper studies the effect of the AV on data from a forensics perspective. We design representative experiments and check whether the AV affects the RAM artefacts of the tasks involved. We test three common AVs and show that the AV has an obvious effect on the RAM artefacts. To the best of our knowledge, we are the first to study the impact of the AV on digital evidence.