Reading the contents of deleted and modified files in the virtualization based black-box binary analysis system Drakvuf

The article discusses ways to obtain the contents of files that are modified during processing in the well-known open-source dynamic analysis environment Drakvuf. Drakvuf initially implemented file-saving functionality based on undocumented mechanisms for working with the system cache....

Bibliographic Details
Main Author: S. G. Kovalev
Format: Article
Language: English
Published: Ivannikov Institute for System Programming of the Russian Academy of Sciences 2018-12-01
Series: Труды Института системного программирования РАН
Subjects:
Online Access: https://ispranproceedings.elpub.ru/jour/article/view/1108