The analysis of memory dumps presents unique challenges, as operating systems use a
variety of (often undocumented) ways to represent data in memory. To solve this problem …

The development and research of tools for forensically analyzing Linux memory snapshots
have stalled in recent years as they cannot deal with the high degree of configurability and …

The security guarantees of confidential VMs (eg, AMD's SEV) are a double-edged sword:
Their protection against undesired VM inspection by malicious or compromised cloud …

Cryptographic techniques form the foundation of the security and privacy of computing
solutions. However, if cryptographic APIs are not invoked correctly, they can result in …

The web browsing activities of a user provide useful evidence for digital forensic
investigations. However, existing analysis techniques that aim to analyze local artifacts (eg …

The Arm TrustZone is the de facto standard for hardware-backed Trusted Execution
Environments (TEEs) on mobile devices, providing isolation for secure computations to be …

Recently proposed tools such as LogicMem, Katana, and AutoProfile enable a fine-grained
inspection of the operating system's memory. They provide insights that were previously only …

There are various techniques (String Search, Signature, List Traversal, Kernel Object, etc.) to
perform memory forensics. Among them, Kernel Object-based memory forensics techniques …

The rapid increase of embedded devices and IoT objects is leading to a multiplication of
operating systems and processor architectures, which are generally not supported by …

Over the last decades, the complexity of client, server, and network devices has drastically
increased---and so has the number of sophisticated attacks against them. New …