Engineering school and research center in digital sciences

The impact of GPU-assisted malware on memory forensics: A case study

Villani, Antonio; Balzarotti, Davide; di Pietro, Roberto

DFRWS 2015, Annual Digital Forensics Research Conference, Philadelphia, USA

In this paper we assess the impact of GPU-assisted malware on memory forensics. In particular, we first introduce four different techniques that malware can adopt to hide its presence. We then present a case study on a very popular family of Intel GPUs, and we analyze in which cases the forensic analysis can be performed using only the host's memory and in which cases it requires access to the GPU's memory. Our analysis shows that, by offloading some computation to the GPUs, it is possible to successfully hide some malicious behavior. Furthermore, we provide suggestions and insights about which artifacts could be used to detect the presence of GPU-assisted malware.


Title: The impact of GPU-assisted malware on memory forensics: A case study
Keywords: Graphic processing units; Memory analysis; Malware; Digital Forensics; Direct Rendering Manager
Type: Conference
Language: English
City: Philadelphia
Country: UNITED STATES
Date:
Department: Digital Security
Eurecom ref: 4550
Copyright: © Elsevier. Personal use of this material is permitted. The definitive version of this paper was published in DFRWS 2015, Annual Digital Forensics Research Conference, Philadelphia, USA and is available at: http://dx.doi.org/10.1016/j.diin.2015.05.010
Bibtex:
@inproceedings{EURECOM+4550,
  doi = {http://dx.doi.org/10.1016/j.diin.2015.05.010},
  year = {2015},
  title = {{T}he impact of {GPU}-assisted malware on memory forensics: {A} case study},
  author = {{V}illani, {A}ntonio and {B}alzarotti, {D}avide and di {P}ietro, {R}oberto},
  booktitle = {{DFRWS} 2015, {A}nnual {D}igital {F}orensics {R}esearch {C}onference, {P}hiladelphia, {USA} },
  address = {{P}hiladelphia, {\'{E}}{TATS}-{UNIS}},
  month = {08},
  url = {http://www.eurecom.fr/publication/4550}
}