Digital forensic tools: Recent advances and enhancing the status quo

T Wu, F Breitinger, S O'Shaughnessy - Forensic Science International …, 2020 - Elsevier
Publications in the digital forensics domain frequently come with tools–a small piece of
functional software. These tools are often released to the public for others to reproduce …

DFRWS EU 10-year review and future directions in Digital Forensic Research

F Breitinger, JN Hilgert, C Hargreaves… - Forensic Science …, 2024 - Elsevier
Conducting a systematic literature review and comprehensive analysis, this paper surveys
all 135 peer-reviewed articles published at the Digital Forensics Research Conference …

SSHkex: Leveraging virtual machine introspection for extracting SSH keys and decrypting SSH network traffic

S Sentanoe, HP Reiser - Forensic Science International: Digital …, 2022 - Elsevier
Nowadays, many users are using an encrypted channel to communicate with a remote
resource server. Such a channel provides a high degree of privacy and confidentiality …

X-Ray-TLS: transparent decryption of TLS sessions by extracting session keys from memory

F Moriconi, O Levillain, A Francillon… - Proceedings of the 19th …, 2024 - dl.acm.org
While internet communications have been originally all in the clear, the past decade has
seen secure protocols like TLS becoming pervasive, significantly improving internet security …

ME-Box: A reliable method to detect malicious encrypted traffic

B Xu, G He, H Zhu - Journal of Information Security and Applications, 2021 - Elsevier
Currently, encryption (such as the Transport Layer Security protocol) is used by increasingly
more network applications to protect their security and privacy, while it also benefits network …

Malware detection based on multi-level and dynamic multi-feature using ensemble learning at hypervisor

J Zhang, C Gao, L Gong, Z Gu, D Man, W Yang… - Mobile Networks and …, 2021 - Springer
As more and more applications migrate to clouds, the type and amount of malware attacks
against virtualized environments are increasing, which is a key factor that restricts the …

Passive decryption on encrypted traffic to generate more accurate machine learning training data

BH Anderson, A Chi, D McGrew… - US Patent 10,536,268, 2020 - Google Patents
In one embodiment, an apparatus captures a memory dump of a device in a sandbox
environment executing a malware sample. The apparatus identifies a cryptographic key …

Virtual machine introspection based SSH honeypot

S Sentanoe, B Taubmann, HP Reiser - … of the 4th Workshop on Security …, 2017 - dl.acm.org
A honeypot provides information about the new attack and exploitation methods and allows
analyzing the adversary's activities during or after exploitation. One way of an adversary to …

Deriving ChaCha20 key streams from targeted memory analysis

P McLaren, WJ Buchanan, G Russell, Z Tan - Journal of Information …, 2019 - Elsevier
There can be performance and vulnerability concerns with block ciphers, thus stream
ciphers can be used as an alternative. Although many symmetric key stream ciphers are fairly …

Sarracenia: Enhancing the Performance and Stealthiness of SSH Honeypots Using Virtual Machine Introspection

S Sentanoe, B Taubmann, HP Reiser - Secure IT Systems: 23rd Nordic …, 2018 - Springer
Secure Shell (SSH) is a preferred target for attacks, as it is frequently used with
password-based authentication, and weak passwords can be easily exploited using brute-force …