Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 2 of 2
Full-Text Articles in Entire DC Network
Malware And Memory Forensics On M1 Macs, Charles E. Glass
Malware And Memory Forensics On M1 Macs, Charles E. Glass
LSU Master's Theses
As malware continues to evolve, infection mechanisms that can only be seen in memory are increasingly commonplace. These techniques evade traditional forensic analysis, requiring the use of memory forensics. Memory forensics allows for the recovery of historical data created by running malware, including information that it tries to hide. Memory analysis capabilities have lagged behind on Apple's new M1 architecture while the number of malicious programs only grows. To make matters worse, Apple has developed Rosetta 2, the translation layer for running x86_64 binaries on an M1 Mac. As a result, all malware compiled for Intel Macs is theoretically functional …
Automated Extraction Of Network Activity From Memory Resident Code, Austin Nicholas Sellers
Automated Extraction Of Network Activity From Memory Resident Code, Austin Nicholas Sellers
LSU Master's Theses
Advancements in malware development, including the use of file-less and memory-only payloads, have led to a significant interest in the use of volatile memory analysis by digital forensics practitioners. Memory analysis can uncover a wealth of information not available via traditional analysis, such as the discovery of injected code, hooked APIs, and more. Unfortunately, the process of analyzing such malicious code is largely left to analysts who must manually reverse engineer the code to discover its intent. This task is not only slow and error-prone, but is also generally left only to senior-level analysts to perform, given that significant reverse …