Memory forensics is a step of computer forensics concerned with the analysis of digital evidence collected from the memory of the system under analysis after a computer incident. Memory forensics can be useful for recovering encryption keys, fileless malware, or (some) packed malware samples. This talk will cover the process of malware analysis applied to memory forensics and the current issues and open challenges faced during this process, presenting the latest advances made by my research group in this area. In particular, I will show how the memory acquisition and analysis process is performed on a memory dump, ending with the extraction of a suspicious artifact for malware analysis, and how the tools we have developed can help during the analysis process.
Ricardo J. Rodríguez received M.S. and Ph.D. degrees in Computer Science from the University of Zaragoza, Spain, in 2010 and 2013, respectively. He is currently an Associate Professor at the University of Zaragoza, Spain. His research interests include performance and dependability system analysis, system security, digital forensics, and program binary analysis. He has participated as a speaker (and trainer) in several security conferences, including NoConName, Hack.LU, RootedCON, Hack in Paris, MalCON, and Hack in the Box Amsterdam, among others. He leads a research line devoted to computer security at the University of Zaragoza (https://reversea.me).
This event will be delivered in English.