Issue No. 2, March/April 2009 (vol. 7)
pp. 30-37
Brian Hay , University of Alaska Fairbanks
Matt Bishop , University of California, Davis
Kara Nance , University of Alaska Fairbanks
ABSTRACT
As computer technologies become increasingly ubiquitous, so must the digital forensics tools and techniques that support efficient and effective analysis of those systems' behavior. Live analysis, in which the running system is examined rather than powered down and imaged, is a logical but challenging step forward in this area, and one that has recently received increased research and development attention. This article describes several live analysis approaches, together with tools and techniques for live analysis of both real and virtual machines. The discussion includes research challenges and open problems.
INDEX TERMS
digital forensics, live analysis, vulnerabilities analysis, computer security
CITATION
Brian Hay, Matt Bishop, Kara Nance, "Live Analysis: Progress and Challenges", IEEE Security & Privacy, vol.7, no. 2, pp. 30-37, March/April 2009, doi:10.1109/MSP.2009.43
REFERENCES
1. Assoc. Chief Police Officers, Good Practice Guide for Computer-Based Electronic Evidence, v. 3.0, 2007; www.acpo.police.uk/asp/policies/Data/gpg_computer_based_evidence_v3.pdf.
2. B.D. Carrier, "Risks of Live Digital Forensic Analysis," Comm. ACM, vol. 49, no. 2, 2006, pp. 56–61; doi:10.1145/1113034.1113069.
3. F. Adelstein, "Live Forensics: Diagnosing Your System without Killing It First," Comm. ACM, vol. 49, no. 2, 2006, pp. 63–66; doi:10.1145/1113034.1113070.
4. E. Libster and J.D. Kornblum, "A Proposal for an Integrated Memory Acquisition Mechanism," Operating Systems Rev., vol. 42, no. 3, 2008, pp. 14–20; doi:10.1145/1368506.1368510.
5. The Honeynet Project, Sebek FAQ; http://old.honeynet.org/tools/sebek/faq.html#faq202.
6. B.D. Carrier and J. Grand, "A Hardware-Based Memory Acquisition Procedure for Digital Investigations," Digital Investigation, vol. 1, no. 2, 2004, pp. 50–60.
7. A. Boileau, "Hit by a Bus: Physical Access Attacks with Firewire," Security-Assessment.com, 2006; www.security-assessment.com/files/presentations/ab_firewire_rux2k6-final.pdf.
8. N. Petroni et al., "FATKit: A Framework for the Extraction and Analysis of Digital Forensics Data from Volatile System Memory," Digital Investigation, vol. 3, no. 4, 2006, pp. 197–210.
9. Volatile Systems, The Volatility Framework: Volatile Memory Artifact Extraction Utility Framework; www.volatilesystems.com/default/volatility.
10. J. Rutkowska, "Beyond the CPU: Defeating Hardware-Based RAM Acquisition (Part I: AMD Case)," 28 Feb. 2007; http://invisiblethings.org/papers/cheating-hardware-memory-acquisition-updated.ppt.
11. J.A. Halderman et al., "Lest We Remember: Cold Boot Attacks on Encryption Keys," Proc. 17th USENIX Security Symp., Usenix Assoc., 2008, pp. 45–60; http://citp.princeton.edu/pub/coldboot.pdf.
12. T. Garfinkel and M. Rosenblum, "A Virtual Machine Introspection-Based Architecture for Intrusion Detection," Proc. 10th Symp. Network and Distributed System Security (NDSS 03), Internet Soc., 2003, pp. 191–206.
13. B. Hay and K. Nance, "Forensics Examination of Volatile System Data Using Virtual Introspection," Operating Systems Rev., vol. 42, no. 3, 2008, pp. 74–82; doi:10.1145/1368506.1368517.
14. L. Litty and D. Lie, "Manitou: A Layer-Below Approach to Fighting Malware," Proc. 1st Workshop Architectural and System Support for Improving Software Dependability (ASID 06), ACM Press, 2006, pp. 6–11; doi:10.1145/1181309.1181311.
15. F. Baiardi and D. Sgandurra, "Building Trustworthy Intrusion Detection through VM Introspection," Proc. 3rd Int'l Symp. Information Assurance and Security (IAS 07), IEEE CS Press, 2007, pp. 209–214.