Gaslight: A comprehensive fuzzing architecture for memory forensics frameworks. (August 2017)
- Record Type:
- Journal Article
- Title:
- Gaslight: A comprehensive fuzzing architecture for memory forensics frameworks. (August 2017)
- Main Title:
- Gaslight: A comprehensive fuzzing architecture for memory forensics frameworks
- Authors:
- Case, Andrew
Das, Arghya Kusum
Park, Seung-Jong
Ramanujam, J. (Ram)
Richard, Golden G.
- Abstract:
- Abstract: Memory forensics is now a standard component of digital forensic investigations and incident response handling, since memory forensic techniques are quite effective in uncovering artifacts that might be missed by traditional storage forensics or live analysis techniques. Because of the crucial role that memory forensics plays in investigations and because of the increasing use of automation of memory forensics techniques, it is imperative that these tools be resilient to memory smear and deliberate tampering. Without robust algorithms, malware may go undetected, frameworks may crash when attempting to process memory samples, and automation of memory forensics techniques is difficult. In this paper we present Gaslight, a powerful and flexible fuzz-testing architecture for stress-testing both open and closed-source memory forensics frameworks. Gaslight automatically targets critical code paths that process memory samples and mutates samples in an efficient way to reveal implementation errors. In experiments we conducted against several popular memory forensics frameworks, Gaslight revealed a number of critical previously undiscovered bugs.
- Is Part Of:
- Digital investigation. Volume 22(2017)Supplement
- Journal:
- Digital investigation
- Issue:
- Volume 22(2017)Supplement
- Issue Display:
- Volume 22, Issue 2017 (2017)
- Year:
- 2017
- Volume:
- 22
- Issue:
- 2017
- Issue Sort Value:
- 2017-0022-2017-0000
- Page Start:
- S86
- Page End:
- S93
- Publication Date:
- 2017-08
- Subjects:
- Memory forensics -- Computer forensics -- Memory analysis -- Incident response -- Malware -- Fuzzing
Forensic sciences -- Data processing -- Periodicals
Criminal investigation -- Data processing -- Periodicals
363.250285
- Journal URLs:
- http://www.sciencedirect.com/science/journal/17422876
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.diin.2017.06.011
- Languages:
- English
- ISSNs:
- 1742-2876
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3588.396620
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 22614.xml