Forensics examination of volatile system data using virtual introspection

Authors: Brian Hay, Kara Nance

DOI: 10.1145/1368506.1368517

Keywords:

Abstract: While static examination of computer systems is an important part of many digital forensics investigations, there are often system properties present only in volatile memory that cannot be effectively recovered using static analysis techniques, such as offline hard disk acquisition and analysis. An alternative approach, involving live analysis of the target system to uncover this volatile data, presents significant risks and challenges to forensic investigators, as observation techniques are generally intrusive and can affect the system being observed. This paper provides a discussion of live forensic analysis through virtual introspection and presents a suite of virtual introspection tools developed for Xen (the VIX tools). The VIX tools can be used for unobtrusive examination of volatile system data in virtual machines, and address a key research area identified in the virtualization security research agenda [22].

References (14)
Tal Garfinkel, Mendel Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. Network and Distributed System Security Symposium (2003).
Kurniadi Asrigo, Lionel Litty, David Lie. Using VMM-based sensors to monitor honeypots. Proceedings of the 2nd International Conference on Virtual Execution Environments (VEE '06), pp. 13-23 (2006). DOI: 10.1145/1134760.1134765
Simon Crosby, David Brown. The Virtualization Reality: Are hypervisors the new foundation for system software? ACM Queue, vol. 4, pp. 34-41 (2006). DOI: 10.1145/1189276.1189289
Bryan D. Payne, Reiner Sailer, Ramón Cáceres, Ron Perez, Wenke Lee. A layered approach to simplified access control in virtualized systems. ACM SIGOPS Operating Systems Review, vol. 41, pp. 12-19 (2007). DOI: 10.1145/1278901.1278905
Lionel Litty, David Lie. Manitou. Proceedings of the 1st Workshop on Architectural and System Support for Improving Software Dependability (ASID '06), pp. 6-11 (2006). DOI: 10.1145/1181309.1181311
Arvind Seshadri, Mark Luk, Ning Qu, Adrian Perrig. SecVisor. Proceedings of the 21st ACM SIGOPS Symposium on Operating Systems Principles (SOSP '07), vol. 41, pp. 335-350 (2007). DOI: 10.1145/1294261.1294294
Nguyen Anh Quynh, Yoshiyasu Takefuji. Towards a tamper-resistant kernel rootkit detector. Proceedings of the 2007 ACM Symposium on Applied Computing (SAC '07), pp. 276-283 (2007). DOI: 10.1145/1244002.1244070
Xuxian Jiang, Xinyuan Wang, Dongyan Xu. Stealthy malware detection through VMM-based "out-of-the-box" semantic view reconstruction. Computer and Communications Security, pp. 128-138 (2007). DOI: 10.1145/1315245.1315262
Min Xu, Xuxian Jiang, Ravi Sandhu, Xinwen Zhang. Towards a VMM-based usage control framework for OS kernel integrity protection. Symposium on Access Control Models and Technologies, pp. 71-80 (2007). DOI: 10.1145/1266840.1266852