Completed
Test environment
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Hiding Process Memory via Anti-Forensic Techniques
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Agenda
- 3 Introduction
- 4 Process Address Space
- 5 Paging
- 6 Overview
- 7 PTE Subversions
- 8 PTE Remapping
- 9 PTE Erasure
- 10 Evaluation - Memory Forensics
- 11 Evaluation - Live Forensics
- 12 Considerations
- 13 Modified PFN Remapping on Windows
- 14 MAS Remapping Detection
- 15 PTE Subversion Detection - Windows
- 16 PTE Subversion Detection - Linux
- 17 Shared Memory Subversion Detection
- 18 Test environment
- 19 Detection Evaluation - Windows
- 20 Detection Evaluation - Linux
- 21 False Positives - Windows
- 22 False Positives - Linux
- 23 Comparison - Attacker's Point of View
- 24 Conclusion
- 25 Limitations
- 26 Future Work