Full Memory Capture

The Experts below are selected from a list of 1323 Experts worldwide ranked by ideXlab platform

Jesse D. Kornblum - One of the best experts on this subject based on the ideXlab platform.

  • A proposal for an integrated memory acquisition mechanism
    Operating Systems Review, 2008
    Co-Authors: Eugene Libster, Jesse D. Kornblum
    Abstract:

    Volatile memory forensics has become increasingly prominent in forensic analysis and incident response. Unfortunately there is currently no forensically sound method of acquiring an image of a system's memory without attaching specialized hardware. This paper proposes the addition of a memory acquisition mechanism to the operating system, thereby removing the need to load an external program. The method minimizes the acquisition's impact on the system's state, as well as making it more difficult for malicious programs to avoid detection or interfere with the memory dump. The risks of allowing a full memory capture and some considerations on how this method would interact with rootkits are also discussed.

Eugene Libster - One of the best experts on this subject based on the ideXlab platform.

  • A proposal for an integrated memory acquisition mechanism
    Operating Systems Review, 2008
    Co-Authors: Eugene Libster, Jesse D. Kornblum