Volatile Memory Computer Forensics to Detect Kernel Level Compromise

View Related Documents

Journal Article
Kernel rootkits implement and detection
Li Xianghe, Zhang Liancheng and Li Shuo
Wuhan University Journal of Natural Sciences, 2006, Volume 11, Number 6, Pages 1473-1476
- Download PDF (371.6 KB)
Book Chapter
Shepherding Loadable Kernel Modules through On-demand Emulation
Chaoting Xuan, John Copeland and Raheem Beyah
Lecture Notes in Computer Science, 2009, Volume 5587, Detection of Intrusions and Malware, and Vulnerability Assessment, Pages 48-67
- Download PDF (311.1 KB)
Book Chapter
Re-establishing Trust in Compromised Systems: Recovering from Rootkits That Trojan the System Call Table
Julian B. Grizzard, John G. Levine and Henry L. Owen
Lecture Notes in Computer Science, 2004, Volume 3193, Computer Security – ESORICS 2004, Pages 369-384
- Download PDF (218.3 KB)
Book Chapter
Countering Persistent Kernel Rootkits through Systematic Hook Discovery
Zhi Wang, Xuxian Jiang, Weidong Cui and Xinyuan Wang
Lecture Notes in Computer Science, 2008, Volume 5230, Recent Advances in Intrusion Detection, Pages 21-38
- Download PDF (338.6 KB)
Book Chapter
Behavioral and Structural Properties of Malicious Code
Christopher Kruegel
Advances in Information Security, 1, Volume 27, Malware Detection, Part II, Pages 63-83
- Download PDF (1.2 MB)
Book Chapter
Analysis of Tools for Detecting Rootkits and Hidden Processes
A. Todd, J. Benson, G. Peterson, T. Franz and M. Stevens, et al.
IFIP International Federation for Information Processing, 2007, Volume 242, Advances in Digital Forensics III, Pages 89-105
- Download PDF (990.3 KB)
Book Chapter
A Method for Detecting Linux Kernel Module Rootkits
Doug Wampler and James Graham
IFIP International Federation for Information Processing, 2007, Volume 242, Advances in Digital Forensics III, Pages 107-116
- Download PDF (666.6 KB)
Book Chapter
Kernel Malware Analysis with Un-tampered and Temporal Views of Dynamic Kernel Memory
Junghwan Rhee, Ryan Riley, Dongyan Xu and Xuxian Jiang
Lecture Notes in Computer Science, 2010, Volume 6307, Recent Advances in Intrusion Detection, Pages 178-197
- Download PDF (486.7 KB)
Book Chapter
Transparent Protection of Commodity OS Kernels Using Hardware Virtualization
Michael Grace, Zhi Wang, Deepa Srinivasan, Jinku Li and Xuxian Jiang, et al.
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 1, Volume 50, Security and Privacy in Communication Networks, Part 4, Pages 162-180
- Download PDF (285.2 KB)
Book Chapter
Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing
Ryan Riley, Xuxian Jiang and Dongyan Xu
Lecture Notes in Computer Science, 2008, Volume 5230, Recent Advances in Intrusion Detection, Pages 1-20
- Download PDF (742.9 KB)

Abstract

This research presents a software-based computer forensics method capable of recovering and storing digital evidence from volatile memory without corrupting the hard drive. Acquisition of volatile memory is difficult because it must be transferred onto non-volatile memory prior to disrupting power. If this data is transferred onto the hard drive of the compromised computer it could destroy critical evidence. This research will enhance investigations by allowing the inclusion of hidden processes, kernel modules, and kernel modifications present only in memory that may have otherwise been neglected. This methodology can be applied to any operating system and has been proven through implementation on Linux.

Fulltext Preview

Image of the first page of the fulltext document

Frequently asked questions General info on journals and books Send us your feedback Impressum Contact us

SpringerLink

Volatile Memory Computer Forensics to Detect Kernel Level Compromise

View Related Documents

Abstract

Fulltext Preview