University College Dublin

Virtual Machine Forensics by means of Introspection and Kernel Code Injection

File(s)
insight_publication.pdf (150.52 KB)
Author(s)
Tobin, Patrick 
Kechadi, Tahar 
Uri
http://hdl.handle.net/10197/6478
Date Issued
24 March 2014
Date Available
14 April 2015, 09:50:21Z
Abstract
Virtual Machine Introspection offers the ability to access a virtual machine remotely and extract information from it. Virtual machine introspection allows all processes, local data, and network traffic to be tracked and made available to the investigation process. These properties offer the possibility to monitor a suspect virtual machine (VM). Moreover, access to a VM's data is far from trivial; there are various complex tasks to be dealt with. For instance, the returned data is in a raw format, and it is necessary to remap it into a user-friendly representation (canonical representation). In this paper we propose a method of bridging this semantic gap, and provide a graphical reconstruction of events. This proposal is essentially the recreation of a virtual machine at a remote location and the subsequent recreation of all processes, data, and network traffic in a virtual machine as they occur in the original. This should be achieved in real-time, which will give an opportunity to quickly make decisions based on the evidence as we collect it in real-time. Our approach involves recreating a virtual machine and injecting into it all code and data within the original virtual machine, presenting an identical copy for examination. The approach proposed also has another advantage: it allows all data to be saved for further analysis and verification.
Sponsorship
Science Foundation Ireland
Type of Material
Conference Publication
Copyright (Published Version)
2014 the Author
Keywords
  • Machine learning
  • Statistics
  • Virtualisation
  • Digital forensics
  • Kernel injection
  • Virtual Machine intro...

Web versions
http://academic-conferences.org/iciw/iciw2014/iciw14-home.htm
Language
English
Status of Item
Peer reviewed
Description
9th International Conference on Cyber Warfare and Security, Purdue University, West Lafayette, Indiana, United States, 24-25 March 2014
This item is made available under a Creative Commons License
https://creativecommons.org/licenses/by-nc-nd/3.0/ie/
Owning collection
Insight Research Collection
Views
1474
Last Week
1
Last Month
2
Acquisition Date
Feb 6, 2023
Downloads
508
Last Month
414
Acquisition Date
Feb 6, 2023