Reading the contents of deleted and modified files in the virtualization based black-box binary analysis system Drakvuf

The article discusses ways to get the content of files, which are modified during the processing in the well-known open source dynamic analysis environment Drakvuf. Drakvuf initially implemented file saving functionality based on the use of undocumented mechanisms for working with the system cache....

Full description

Bibliographic Details
Published in:Труды Института системного программирования РАН
Main Author: S. G. Kovalev
Format: Article
Language:English
Published: Russian Academy of Sciences, Ivannikov Institute for System Programming 2018-12-01
Subjects:
вредоносная программа
динамический анализ
инъекция
drakvuf
virtual machine introspection
Online Access:https://ispranproceedings.elpub.ru/jour/article/view/1108

Internet

https://ispranproceedings.elpub.ru/jour/article/view/1108

Similar Items