Styx: Countering Robust Memory Acquisition

Ralph: Welcome, everyone, and thank you for the introduction as well as for the opportunity to present our research. As mentioned, my name is Ralph Palutke, and I work as a PhD student in the Security Research Group of the Friedrich Alexander University of Erlangen and Nurnberg, which is led by Prof. Freiling, who is also attending this conference.

As for this talk, I want to propose a novel rootkit technique that is able to counter memory acquisition tools that claim to be robust even against anti-forensics.

Nowadays, malware is still the enabling technology for modern cybercrime, and therefore we have a great demand for methods to detect, acquire, and analyze such malware. And since modern malware often exists in volatile memory only, memory acquisition has become a vital tool for digital investigations. In this talk, I want to focus solely on software-based methods that run directly on the target system, and lately we've seen that memory forensics has to face two new sophisticated threats, which are, on the one hand, hidden memory rootkits, and on the other hand, rootkits that subvert hypervisor technology.
