Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 2 of 2
Full-Text Articles in Other Computer Sciences
Malware And Memory Forensics On M1 Macs, Charles E. Glass
Malware And Memory Forensics On M1 Macs, Charles E. Glass
LSU Master's Theses
As malware continues to evolve, infection mechanisms that can only be seen in memory are increasingly commonplace. These techniques evade traditional forensic analysis, requiring the use of memory forensics. Memory forensics allows for the recovery of historical data created by running malware, including information that it tries to hide. Memory analysis capabilities have lagged behind on Apple's new M1 architecture while the number of malicious programs only grows. To make matters worse, Apple has developed Rosetta 2, the translation layer for running x86_64 binaries on an M1 Mac. As a result, all malware compiled for Intel Macs is theoretically functional …
Improving Memory Forensics Capabilities On Apple M1 Computers, Raphaela Santos Mettig Rocha
Improving Memory Forensics Capabilities On Apple M1 Computers, Raphaela Santos Mettig Rocha
LSU Master's Theses
Malware threats are rapidly evolving to use more sophisticated attacks. By abusing rich application APIs such as Objective-C’s, they are able to gather information about user activity, launch background processes without the user’s knowledge as well as perform other malicious activities. In some cases, memory forensics is the only way to recover artifacts related to this malicious activity, as is the case with memory-only execution. The introduction of the Rosetta 2 on the Apple M1 introduces a completely new attack surface by allowing binaries of both Intel x86 64 and ARM64 architecture to run in userland. For this reason it …