Show simple item record

dc.contributor.author Pridgen, Adam; Garfinkel, Simson; Wallach, Dan S.
dc.date.accessioned 2019-01-09T17:21:14Z
dc.date.available 2019-01-09T17:21:14Z
dc.date.issued 2017
dc.identifier.citation Pridgen, Adam, Garfinkel, Simson and Wallach, Dan S. "Picking up the trash: Exploiting generational GC for memory analysis." Digital Investigation, 20, no. Supplement (2017) S20-S28. https://doi.org/10.1016/j.diin.2017.01.002.
dc.identifier.uri https://hdl.handle.net/1911/105029
dc.description.abstract Memory analysis is slowly moving up the software stack. Early analysis efforts focused on core OS structures and services. As this field evolves, more information becomes accessible because analysis tools can build on foundational frameworks like Volatility and Rekall. This paper demonstrates and establishes memory analysis techniques for managed runtimes, namely the HotSpot Java Virtual Machine (JVM). We exploit the fact that residual artifacts remain in the JVM's heap to create basic timelines, reconstruct objects, and extract contextual information. These artifacts exist because the JVM copies objects from one place to another during garbage collection and fails to overwrite old data in a timely manner. This work focuses on the HotSpot JVM, but it can be generalized to other managed runtimes like Microsoft .NET or Google's V8 JavaScript Engine.
dc.language.iso eng
dc.rights This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).
dc.rights.uri http://creativecommons.org/licenses/by-nc-nd/4.0/
dc.title Picking up the trash: Exploiting generational GC for memory analysis
dc.type Journal article
dc.citation.journalTitle Digital Investigation
dc.subject.keyword Memory forensics; Malware analysis; Java; HotSpot JVM; Managed runtimes
dc.citation.volumeNumber 20
dc.citation.issueNumber Supplement
dc.identifier.digital picking-up-trash
dc.contributor.publisher Elsevier
dc.type.dcmi Text
dc.identifier.doi https://doi.org/10.1016/j.diin.2017.01.002
dc.type.publication publisher version
dc.citation.firstpage S20
dc.citation.lastpage S28


Except where otherwise noted, this item's license is described as This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).