Hypervisor memory acquisition for ARM

Raz Ben Yehuda, Erez Shlingbaum, Yuval Gershfeld, Shaked Tayouri, Nezer Jacob Zaidenberg

Research output: Contribution to journalArticlepeer-review

Abstract

Cyber forensics use memory acquisition in advanced forensics and malware analysis. We propose a hypervisor based memory acquisition tool. Our implementation extends the volatility memory forensics framework by reducing the processor's consumption, solves the in-coherency problem in the memory snapshots and mitigates the pressure of the acquisition on the network and the disk. We provide benchmarks and evaluation.

Original languageEnglish
Article number301106
JournalForensic Science International: Digital Investigation
Volume37
DOIs
StatePublished - Jun 2021
Externally publishedYes

Keywords

  • ARM
  • Hypervisor
  • Linux
  • Real time
  • Virtualization

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Information Systems
  • Pathology and Forensic Medicine
  • Law
  • Medical Laboratory Technology

Fingerprint

Dive into the research topics of 'Hypervisor memory acquisition for ARM'. Together they form a unique fingerprint.

Cite this