depicts in brief the data we observed and investigated, and whether that data was discovered

Source publication
Conference Paper
Full-text available
One advanced tactic used to deliver a malware payload to a target operating system is Dynamic Link Library (DLL) injection, which has the capabilities to bypass many security settings. In cases of compromise involving DLL injection, volatile memory contains critical evidence, as these attacks typically leave no footprint on the hard disk. In this p...


Citations

... Efficiency of Live Forensics. There are various concerns [1][2][3][13] about the efficiency of live forensics, but it is important to note that some of this research may be outdated, as physical memory has undergone significant upgrades over time. Furthermore, live forensics has not previously worked directly on memory, as our proposed method does. ...
... With the method called DLL injection, malicious DLLs are registered as trusted alongside user32.dll and added to the AppInit_DLLs list [16]. The AppInit_DLLs value in the Windows registry is empty. ...
Article
Full-text available
Abstract: This study discusses the role of the Windows registry, the database of the Windows operating system, in computer security. The Windows registry records many different kinds of data: applications run at startup, installed programs, MS Office document information, removable storage devices, shared folders, virtual machine information and more. The study examines these records in the context of computer security. There is a close relationship between examining, analysing and modifying the records in the Windows registry and securing a personal computer. In total, 55 Windows registry entries and their functions are examined: 4 relate to detecting malicious software, 24 to blocking certain functions of the computer and 27 to auditing operations on the computer. The results are presented in summary tables.
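The AppInit_DLLs mechanism referred to in the citation above (a DLL path written to the AppInit_DLLs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows is loaded into every process that links user32.dll, provided LoadAppInit_DLLs is 1) is one of the registry-based persistence checks the cited article is concerned with. The following is an added example, not code from the cited article or from the source publication: it parses the relevant keys from a `reg export` text dump, so it can be run offline against a triage artefact, and reports whether the mechanism is armed. The registry text, the DLL path and the value settings are constructed for illustration; the treatment of an absent RequireSignedAppInit_DLLs value as "not required" is an assumption made for triage purposes rather than a statement about a given Windows version's default.

```python
"""Flag AppInit_DLLs persistence in an exported registry hive (.reg text)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Union

# Constructed sample, not taken from a real machine: the native and the
# WOW6432Node AppInit keys as `reg export` prints them. The DLL path is invented.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"AppInit_DLLs"="C:\\Users\\Public\\evil.dll"
"LoadAppInit_DLLs"=dword:00000001
"RequireSignedAppInit_DLLs"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000
'''

_KEY_RE = re.compile(r'^\[(.+)\]$')
_VAL_RE = re.compile(r'^"([^"]+)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$')

RegValues = Dict[str, Union[str, int]]


def parse_reg(text: str) -> Dict[str, RegValues]:
    """Minimal parser for the subset of .reg syntax used in triage dumps:
    [key] headers, "name"="string" values and "name"=dword:hex values."""
    keys: Dict[str, RegValues] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        stripped = line.strip()
        m = _KEY_RE.match(stripped)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = _VAL_RE.match(stripped)
        if m and current is not None:
            name, s, dw = m.groups()
            if dw is not None:
                keys[current][name] = int(dw, 16)
            else:
                # reg export doubles backslashes inside REG_SZ values
                keys[current][name] = s.replace('\\\\', '\\')
    return keys


@dataclass
class AppInitFinding:
    key: str
    dlls: List[str] = field(default_factory=list)
    loader_enabled: bool = False
    signature_required: bool = True

    @property
    def active(self) -> bool:
        """DLLs listed and the loader switched on: every process that links
        user32.dll would map them at start-up."""
        return bool(self.dlls) and self.loader_enabled


def check_appinit(keys: Dict[str, RegValues]) -> List[AppInitFinding]:
    """One finding per AppInit key present in the dump (native and WOW6432Node)."""
    findings: List[AppInitFinding] = []
    for key, values in keys.items():
        if not key.lower().endswith(r'\windows nt\currentversion\windows'):
            continue
        raw = str(values.get('AppInit_DLLs', ''))
        # AppInit_DLLs is a space- or comma-separated list of paths
        dlls = [d for d in re.split(r'[,\s]+', raw) if d]
        findings.append(AppInitFinding(
            key=key,
            dlls=dlls,
            loader_enabled=values.get('LoadAppInit_DLLs', 0) == 1,
            # Assumption for triage: an absent value is treated as "not required".
            signature_required=values.get('RequireSignedAppInit_DLLs', 0) == 1,
        ))
    return findings


if __name__ == '__main__':
    for f in check_appinit(parse_reg(SAMPLE_REG)):
        state = 'ACTIVE' if f.active else ('listed, loader off' if f.dlls else 'clean')
        print(f'{f.key}: {state}; dlls={f.dlls}; signed_only={f.signature_required}')
```

On a live system the same check is driven from the output of `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" out.reg` (and the WOW6432Node key for 32-bit processes); an empty AppInit_DLLs value is the expected baseline, so any listed path deserves a look regardless of the loader flag, since the flag can be flipped later without touching the list.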
Conference Paper
Since it is becoming increasingly difficult to trick end users into installing and running executable files from unknown sources, attackers resort to stealthier methods such as manipulation of DLL (Dynamic Link Library) files to compromise user computers. In this paper, we propose mechanisms that allow the hypervisor to conduct lightweight examination of DLL files and their running environment in guest virtual machines. Unlike approaches that focus on static analysis of DLL API call graphs, our mechanisms continuously examine the DLLs' running state, so that malicious manipulation of DLL files after they are loaded into memory can also be detected. To keep the monitoring non-intrusive and reduce the impact on VM performance, we avoid examining the complete DLL file contents and focus instead on parameters such as the relative virtual addresses (RVAs) of the exported functions. We have implemented our approach in Xen and conducted experiments with more than 100 malware samples of different types. The results show that our approach detects the malware effectively with very low overhead in the guest VMs.