Building Stack Traces From Memory Dump Of Windows x64

Yuto Otsuki discusses his research at DFRWS EU 2018.

Yuto: Thank you, chairperson. I am Yuto Otsuki, a researcher at NTT Secure Platform Laboratories in Japan.

Today, I’d like to talk about building stack traces from memory dump of Windows x64. Now, as you know, malware is widely used for various cyberattacks. To fight against such attacks, forensic analysis is a conventional approach. And stack traces play an important role in memory forensics, as well as program debugging. Stack traces become a clue to uncover what malware has actually done on the host. However, unfortunately, traditional techniques don’t work for memory dump of Windows x64 environment.

We propose a new method for building stack traces from such memory dump. I’ll start talking from background.

Read More

Leave a Comment

Latest Videos

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles