Static Code Analysis on The Effect of Virtual Secure Mode on Memory Acquisition with IDA

Nadja Adryana, Niken Cahyani, Erwid Jadied
International journal on information and communication technology, vol. 9, no. 1 (2023). Published 2023-06-09. DOI: 10.21108/ijoict.v9i1.688 (https://doi.org/10.21108/ijoict.v9i1.688). Citations: 0.

Abstract

Memory acquisition is one of the steps of a digital forensic investigation, and several tools support it. At present, a feature named secure mode (Virtual Secure Mode, VSM) can cause a crash or error in memory acquisition tools, rendering them unusable and causing the loss of the computer's memory contents. This research focuses on analyzing acquisition tools that error or crash when the device being used for memory acquisition has secure mode turned on. The analysis is carried out using static code analysis, one of the techniques of reverse engineering, with IDA. This study aims to find the cause of the crash or error in the memory acquisition tools, so that digital forensic testers understand the potential risk that secure mode poses to the acquisition process. The results of this study indicate that the different operating system and the different kernel running on the device are the reasons memory acquisition tools cannot run properly when the VSM environment is turned on.
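A pre-acquisition check that follows from the finding above, added here as an example; it is not code from the paper or from any acquisition tool the paper analysed. It assumes a Windows 10/11 host that exposes the documented Win32_DeviceGuard class in the root\Microsoft\Windows\DeviceGuard WMI namespace; the function name Get-VsmAcquisitionReadiness is mine. It records the VBS/VSM state together with the OS version and build, since the paper attributes the failures to the operating system and kernel the device runs, so an examiner can decide before loading an acquisition driver whether the crash or error mode is to be expected.

```powershell
# Added example, not code from the paper: record Virtual Secure Mode (VBS) state
# and OS build before a memory acquisition, so the examiner knows in advance whether
# the crash/error mode the paper describes is likely on this host.
# Assumptions: Windows 10/11, the root\Microsoft\Windows\DeviceGuard namespace and
# the documented Win32_DeviceGuard class; the function name is hypothetical.

function Get-VsmAcquisitionReadiness {
    [CmdletBinding()]
    param()

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
    } catch {
        # Older builds do not expose the class; report "unknown" rather than "off".
        return [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            OsVersion    = $os.Version
            OsBuild      = $os.BuildNumber
            VbsStatus    = 'unknown (Win32_DeviceGuard not available)'
            VbsRunning   = $null
            Services     = ''
            Advice       = 'Cannot determine VSM state; test the acquisition tool on a matching build before relying on it.'
        }
    }

    # Documented VirtualizationBasedSecurityStatus values:
    # 0 = VBS not enabled, 1 = enabled but not running, 2 = enabled and running.
    $code = [int]$dg.VirtualizationBasedSecurityStatus
    $statusText = switch ($code) {
        0 { 'not enabled' }
        1 { 'enabled, not running' }
        2 { 'running' }
        default { "unrecognised code $code" }
    }

    # Documented SecurityServicesRunning values (0 = none running):
    # 1 = Credential Guard, 2 = HVCI (memory integrity),
    # 3 = System Guard Secure Launch, 4 = SMM Firmware Measurement.
    $names = @{ 1 = 'Credential Guard'; 2 = 'HVCI'; 3 = 'System Guard Secure Launch'; 4 = 'SMM Firmware Measurement' }
    $running = @($dg.SecurityServicesRunning | Where-Object { $_ -ne 0 } |
                 ForEach-Object { if ($names.ContainsKey([int]$_)) { $names[[int]$_] } else { "service $_" } })

    $vbsRunning = ($code -eq 2)
    $advice = if ($vbsRunning) {
        'VSM is active: a kernel-mode acquisition driver may fail or crash; verify the tool on this OS build first and document the limitation.'
    } else {
        'VSM is not running: conventional acquisition drivers should load normally.'
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        OsVersion    = $os.Version
        OsBuild      = $os.BuildNumber
        VbsStatus    = $statusText
        VbsRunning   = $vbsRunning
        Services     = ($running -join ', ')
        Advice       = $advice
    }
}

# Run before launching the acquisition tool and keep the output with the case notes.
Get-VsmAcquisitionReadiness | Format-List
```

Run it in an elevated PowerShell on the target before the acquisition tool is started; the OsVersion and OsBuild fields are what let the examiner match the result against the build on which the tool was tested, which is the comparison the paper's conclusion calls for.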