Open Access. Powered by Scholars. Published by Universities.®
- Discipline
- Publication
- Publication Type
Articles 1 - 2 of 2
Full-Text Articles in Information Security
Leveraging The Windows Amcache.Hve File In Forensic Investigations, Bhupendra Singh, Upasna Singh
Leveraging The Windows Amcache.Hve File In Forensic Investigations, Bhupendra Singh, Upasna Singh
Journal of Digital Forensics, Security and Law
The Amcache.hve is a registry hive file that is created by Microsoft® Windows® to store the information related to execution of programs. This paper highlights the evidential potential of Amcache.hve file and its application in the area of user activity analysis. The study uncovers numerous artifacts retained in Amcache.hve file when a user performs certain actions such as running host-based applications, installation of new applications, or running portable applications from external devices. The results of experiments demonstrate that Amcache.hve file stores intriguing artifacts related to applications such as timestamps of creation and last modification of any application; name, description, publisher …
Detecting Objective-C Malware Through Memory Forensics, Andrew Case
Detecting Objective-C Malware Through Memory Forensics, Andrew Case
University of New Orleans Theses and Dissertations
Memory forensics is increasingly used to detect and analyze sophisticated malware. In the last decade, major advances in memory forensics have made analysis of kernel-level malware straightforward. Kernel-level malware has been favored by attackers because it essentially provides complete control over a machine. This has changed recently as operating systems vendors now routinely enforce driving signing and strategies for protecting kernel data, such as Patch Guard, have made userland attacks much more attractive to malware authors.
In this thesis, new techniques for detecting userland malware written in Objective-C on Mac OS X are presented. As the thesis illustrates, Objective-C provides …