Styx: Countering Robust Memory Acquisition

25th May 20204th March 2019 by Forensic Focus

Ralph: Welcome, everyone, and thank you for the introduction as well as having the opportunity to present our research. As mentioned, my name is Ralph Palutke, and I work as a PhD student for the Security Research Group of the Friedrich Alexander University of Erlangen and Nurnberg, which is led by Prof. Freiling, who is also attending this conference.

As for this talk, I want to propose a novel rootkit technique that is able to counter memory acquisition tools that claim to be even robust against anti-forensics.

Nowadays, malware is still the enabling technology for modern cybercrime, and therefore, we have a great demand for methods to detect, acquire, and analyze such malware. And since modern malware often exists in volatile memory only, memory acquisition has become a vital tool for digital investigations. In this talk, I want to focus solely on software-based methods that run directly on the target system, and lately, we’ve seen that memory forensics has to face two new sophisticated threats, which are, on the one hand, hidden memory rootkits, as well as rootkits that subvert hypervisor technology.

Latest Videos

Forensic Focus

Read more at https://www.forensicfocus.com/news/digital-forensics-round-up-may-15-2024/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_AfSiWHngSnw

Digital Forensics News Round-Up, May 15 2024 #dfir #computerforensics

Forensic Focus 15th May 2024 4:55 pm

Read more at https://www.forensicfocus.com/news/digital-forensics-round-up-may-15-2024/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_Mqq8XgKvup4

Digital Forensics News Round-Up, May 15 2024 #dfir #computerforensics

Forensic Focus 15th May 2024 3:58 pm

In this webinar, David Spreadborough, Forensic Analyst at Amped Software, provides a closer look at those important early stages in investigations involving video evidence. Starting with establishing the integrity of the digital data and evaluating the authenticity of the produced visual image.

From demonstrative timelines to speed estimation, the evidential foundations are paramount in every case.

Failure to consider these steps and misinterpreting the data can cause unnecessary delays, mistakes, and potentially even miscarriages of justice.

Amped FIVE is used to conduct data analysis, file conversion, and assessment of image reliability.

Useful links:

Amped FIVE - https://ampedsoftware.com/five
Video Evidence Principles - https://blog.ampedsoftware.com/2023/0...
CCTV Acquisition introduction - https://blog.ampedsoftware.com/2023/0...

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_dnSPwNdMn5M

Investigating Video: The Vital First Steps

Forensic Focus 13th May 2024 10:09 am

Load More... Subscribe

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.