Hypervisor memory acquisition for ARM

Raz Ben Yehuda, Erez Shlingbaum, Yuval Gershfeld, Shaked Tayouri, Nezer Jacob Zaidenberg

Research output: Contribution to journalArticlepeer-review


Cyber forensics use memory acquisition in advanced forensics and malware analysis. We propose a hypervisor based memory acquisition tool. Our implementation extends the volatility memory forensics framework by reducing the processor's consumption, solves the in-coherency problem in the memory snapshots and mitigates the pressure of the acquisition on the network and the disk. We provide benchmarks and evaluation.

Original languageEnglish
Article number301106
JournalForensic Science International: Digital Investigation
StatePublished - Jun 2021
Externally publishedYes


  • ARM
  • Hypervisor
  • Linux
  • Real time
  • Virtualization

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Information Systems
  • Pathology and Forensic Medicine
  • Law
  • Medical Laboratory Technology


Dive into the research topics of 'Hypervisor memory acquisition for ARM'. Together they form a unique fingerprint.

Cite this