Investigating the digital world

dfm covers

From the lab - VM introspection

Written by DFMag

From the lab - VM introspection

Malware analysis has become expensive from a security operations point of view, as it usually involves setting up environments, then ‘snapshotting’ various images and installing numerous monitoring tools for each instance of a malware infection. For sophisticated malware such as bootkits, rootkits et al., this can be even more cumbersome. Advanced types of malware need the analyst to have significant expertise as most well known detectors, (such as Anti-Virus or HIPS) are not reliably able identify these infections.

In this article Rahul Kashyap looks at the unearthing and profiling sophisticated x64 bit kernel mode bootkits that continue to leverage holes on Windows 7 to bypass protection mechanisms like windows Patchguard to persist and infect machines. This article describes some of the holes that these bootkits leverage with in-depth details and then will present some new emerging analysis technologies that leverage hypervisor enabled VM introspection.

Find out more - subscribe to DFM today and read the full article. Or if you're a subscriber, login and read the article online.

Sponsored Links

Please make cache directory writable.

Tweets by @DFMag

Submit an Article

Call for Articles

We are keen to publish new articles from all aspects of digital forensics. Click to contact us with your completed article or article ideas.

Submit an Article or Idea

Featured Book

Learning iOS Forensics

A practical hands-on guide to acquire and analyse iOS devices with the latest forensic techniques and tools.

Meet the Authors

Andrew Harbison

Andrew Harbison is a Director and IT Forensics Lead at Grant Thornton

See all Authors

Coming up in the Next issue of Digital Forensics Magazine

Coming up in Issue 40 on sale from August 2019:

Forensic Syntactical & Linguistic Investigation

Mark Iwazko presents a case study regarding a Forensic Syntactical & Linguistic investigation: Instructed by the Moscow General Council of one of the actual big four accountants. Read More »

Forensic Readiness: A Proactive Approach to Support Forensic Digital Analysis

An increasing number of criminal actions are inflicting financial and brand damage to organizations around the globe. An impressive number of such cases do not reach the courts, mainly because of the organization’s inefficiency to produce robust digital evidences that are acceptable in the courts of law. Read More »

Subscribe today

Using Error-Patterns for Attribution: An Applied Linguistics Technique

Corpus Linguistics within Second Language Acquisition has developed models of error patterns made by defined groups of second language learners. This knowledge base can be leveraged by a knowledgeable analyst to attribute content to a subset of authors. Read More »

Every Issue
Plus the usual Competition, Book Reviews, 360, IRQ, Legal

Click here to read more about the next issue

Investigating the digital world

Dedicated to all aspects of Digital Forensics. Packed full of feature articles plus sections on Legal, From the Lab, All things Apple, Interviews, Expert Comment, Competitions and much more.

Navigation

Subscribe Now

Follow Us

Copyright © 2019 Digital Forensics Magazine. All Rights Reserved.