
Related papers: Applying Memory Forensics to Rootkit Detection

200 papers

Memory forensics is a powerful technique commonly adopted to investigate compromised machines and to detect stealthy computer attacks that do not store data on non-volatile storage. To employ this technique effectively, the analyst has to…

Cryptography and Security · Computer Science 2025-07-29 Andrea Oliveri, Davide Balzarotti

The reliability of cyber forensic evidence acquisition is strongly influenced by the underlying operating systems (Windows, macOS, and Linux) due to inherent variations in file system structures, encryption protocols, and forensic tool…

Cryptography and Security · Computer Science 2026-02-03 Vinayak Jain, Sneha Sudhakaran, Saranyan Senthivel

Kernel rootkits provide adversaries with permanent high-privileged access to compromised systems and are often a key element of sophisticated attack chains. At the same time, they enable stealthy operation and are thus difficult to detect.…

Cryptography and Security · Computer Science 2025-03-05 Max Landauer, Leonhard Alton, Martina Lindorfer, Florian Skopik, Markus Wurzenberger, Wolfgang Hotwagner

The kind of malware designed to conceal malicious system resources (e.g. processes, network connections, files, etc.) is commonly referred to as a rootkit. This kind of malware represents a significant threat in contemporary systems.…

Cryptography and Security · Computer Science 2025-06-10 Enrique Soriano-Salvador, Gorka Guardiola Múzquiz, Juan González Gómez

Memory forensics is an effective methodology for analyzing living-off-the-land malware, including threats that employ evasion, obfuscation, anti-analysis, and steganographic techniques. By capturing volatile system state, memory analysis…

Cryptography and Security · Computer Science 2026-02-24 Silvia Lucia Sanna, Davide Maiorca, Giorgio Giacinto

One of the most elusive types of malware in recent times that poses significant challenges to the computer security system is the kernel-level rootkit. Kernel-level rootkits can hide their presence and malicious activities by modifying…

Cryptography and Security · Computer Science 2023-04-04 Mohammad Nadim, Wonjun Lee, David Akopian

In the era of the internet and smart devices, the detection of malware has become crucial for system security. Malware authors increasingly employ obfuscation techniques to evade advanced security solutions, making it challenging to detect…

Cryptography and Security · Computer Science 2024-04-04 S M Rakib Hasan, Aakar Dhakal

Existing anti-malware software and reverse engineering toolkits struggle with stealthy sub-OS rootkits due to limitations of run-time kernel-level monitoring. A malicious kernel-level driver can bypass OS-level anti-virus mechanisms easily.…

The ChatGPT Windows application offers better user interaction in the Windows operating system (OS) by enhancing productivity and streamlining the workflow of ChatGPT's utilization. However, there are potential misuses associated with this…

Cryptography and Security · Computer Science 2025-06-02 Malithi Wanniarachchi Kankanamge, Nick McKenna, Santiago Carmona, Syed Mhamudul Hasan, Abdur R. Shahid, Ahmed Imteaj

Digital forensics is the process of extracting, preserving, and documenting evidence in digital devices. A commonly used method in digital forensics is to extract data from the main memory of a digital device. However, the main challenge is…

Cryptography and Security · Computer Science 2022-09-14 Christofer Fellicious, Stewart Sentanoe, Michael Granitzer, Hans P. Reiser

This paper focuses on the anticipatory enhancement of methods of detecting stealth software. Cyber security detection tools are insufficiently powerful to reveal the most recent cyber-attacks which use malware. In this paper, we will…

Cryptography and Security · Computer Science 2016-06-16 Igor Korkin, Iwan Nesterow

The field of the web has turned into a basic part of everyday life. Security on the web has dependably been a significant issue. Malware is utilized to rupture into the objective framework. There are various kinds of malware, for example,…

Cryptography and Security · Computer Science 2020-05-01 R. Geetha Ramani, S Suresh Kumar

Forensic Memory Analysis (FMA) and Virtual Machine Introspection (VMI) are critical tools for security in a virtualization-based approach. VMI and FMA involve using digital forensic methods to extract information from the system to…

Cryptography and Security · Computer Science 2025-03-10 Christofer Fellicious, Hans P. Reiser, Michael Granitzer

Machine learning based malware detection techniques rely on grayscale images of malware and tend to classify malware based on the distribution of textures in grayscale images. Albeit the advancement and promising results shown by machine…

Cryptography and Security · Computer Science 2022-08-05 Sanket Shukla

In adversarial machine learning, new defenses against attacks on deep learning systems are routinely broken soon after their release by more powerful attacks. In this context, forensic tools can offer a valuable complement to existing…

Cryptography and Security · Computer Science 2022-06-17 Shawn Shan, Arjun Nitin Bhagoji, Haitao Zheng, Ben Y. Zhao

Digital investigators often get involved with cases that seemingly point the responsibility to the person to whom the computer belongs, but after a thorough examination malware is proven to be the cause, causing loss of precious time.…

Cryptography and Security · Computer Science 2021-09-21 Muhammad Ali, Stavros Shiaeles, Nathan Clarke, Dimitrios Kontogeorgis

Malware and cheat developers use fileless execution techniques to evade traditional, signature-based security products. These methods include various types of manual mapping, module stomping, and threadless injection which work entirely…

Cryptography and Security · Computer Science 2025-08-07 Arjun Juneja

As machine-learning (ML) based systems for malware detection become more prevalent, it becomes necessary to quantify the benefits compared to the more traditional anti-virus (AV) systems widely used today. It is not practical to build an…

Cryptography and Security · Computer Science 2018-06-14 William Fleshman, Edward Raff, Richard Zak, Mark McLean, Charles Nicholas

Modern computing systems rely on the Unified Extensible Firmware Interface (UEFI), which has replaced the traditional BIOS as the firmware standard for the modern boot process. Despite the advancements, UEFI is increasingly targeted by…

Cryptography and Security · Computer Science 2025-01-29 Kalanit Suzan Segal, Hadar Cochavi Gorelik, Oleg Brodt, Yuval Elbahar, Yuval Elovici, Asaf Shabtai

Both malware and antivirus detection tools advance in their capabilities. Malware's aim is to evade detection, while that of antivirus is to detect the malware. Over time, the detection techniques evolved from simple static signature matching over…

Cryptography and Security · Computer Science 2019-06-26 Ivica Stipovic