Show simple item record

dc.contributor.author: Dolan-Gavitt, Brendan
dc.contributor.author: Payne, Bryan
dc.contributor.author: Lee, Wenke
dc.date.accessioned: 2011-04-06T19:50:49Z
dc.date.available: 2011-04-06T19:50:49Z
dc.date.issued: 2011
dc.identifier.uri: http://hdl.handle.net/1853/38424
dc.description.abstract: Virtual machine introspection (VMI) has formed the basis of a number of novel approaches to security in recent years. Although the isolation provided by a virtualized environment provides improved security, software that makes use of VMI must overcome the semantic gap, reconstructing high-level state information from low-level data sources such as physical memory. The digital forensics community has likewise grappled with semantic gap problems in the field of forensic memory analysis (FMA), which seeks to extract forensically relevant information from dumps of physical memory. In this paper, we will show that work done by the forensic community is directly applicable to the VMI problem, and that by providing an interface between the two worlds, the difficulty of developing new virtualization security solutions can be significantly reduced. [en_US]
dc.language.iso: en_US [en_US]
dc.publisher: Georgia Institute of Technology [en_US]
dc.relation.ispartofseries: SCS Technical Report ; GT-CS-11-05
dc.subject: Forensic memory analysis [en_US]
dc.subject: Physical memory [en_US]
dc.subject: Security applications [en_US]
dc.subject: Security software [en_US]
dc.subject: Semantic gap [en_US]
dc.subject: Virtual machine introspection [en_US]
dc.subject: Virtualization [en_US]
dc.title: Leveraging Forensic Tools for Virtual Machine Introspection [en_US]
dc.type: Technical Report [en_US]
dc.contributor.corporatename: Georgia Institute of Technology. College of Computing
dc.contributor.corporatename: Georgia Institute of Technology. School of Computer Science

