Windows Memory Forensics: Detecting (Un)Intentionally Hidden Injected Code by Examining Page Table Entries
Digital Investigation, pp. S3-S12, 2019.
Memory forensics, Code injection, Detection, Windows, Malware
Malware utilizes code injection techniques to either manipulate other processes (e.g., as done by banking trojans) or hide its existence. With some exceptions, such as ROP gadgets, the injected code needs to be executable by the CPU (at least at some point in time). In this work, we cover and evaluate hiding techniques that prevent executable...
Best Paper of DFRWS, 2019