Open Access. Powered by Scholars. Published by Universities.®

Digital Commons Network


LSU Master's Theses

2022

Memory Forensics


Improving Kernel Artifact Extraction In Linux Memory Samples Using The Slub Allocator, Daniel A. Donze Apr 2022


Memory forensics allows an investigator to analyze the volatile memory (RAM) of a computer, providing a view into the system state of the machine as it was running. Examples of items found in memory samples that are of interest to investigators are kernel data structures which can represent processes, files, and sockets. The SLUB allocator is the default small-request memory allocator for modern Linux systems. SLUB allocates “slabs”, which are contiguous sections of pre-allocated memory that are used to efficiently service allocation requests. The predecessor to SLUB, the SLAB allocator, tracked every slab it allocated, allowing extraction of allocated slabs …


Improving Memory Forensics Capabilities On Apple M1 Computers, Raphaela Santos Mettig Rocha Apr 2022


Malware threats are rapidly evolving to use more sophisticated attacks. By abusing rich application APIs such as Objective-C’s, they are able to gather information about user activity, launch background processes without the user’s knowledge, as well as perform other malicious activities. In some cases, memory forensics is the only way to recover artifacts related to this malicious activity, as is the case with memory-only execution. The introduction of Rosetta 2 on the Apple M1 introduces a completely new attack surface by allowing binaries of both the Intel x86_64 and ARM64 architectures to run in userland. For this reason it …