Fernández-Álvarez, Pedro; Rodríguez, Ricardo J.

Module Extraction and DLL Hijacking Detection via Single or Multiple Memory Dumps Journal Article

In: Forensic Science International: Digital Investigation, vol. 44, pp. 301505, 2023, ISSN: 2666-2817, (Accepted for publication. To appear. Selected Papers of the Tenth Annual DFRWS Europe Conference).

Tags: digital forensics, DLL hijacking, memory forensics, Volatility, Windows

Fernández-Álvarez, Pedro; Rodríguez, Ricardo J.

Extraction and Analysis of Retrievable Memory Artifacts from Windows Telegram Desktop Application Journal Article

In: Forensic Science International: Digital Investigation, vol. 40, pp. 301342, 2022, ISBN: 2666-2817.

Tags: digital forensics, instant messaging, memory forensics, Telegram Desktop, Windows

Martín-Pérez, Miguel; Rodríguez, Ricardo J.; Balzarotti, Davide

Pre-processing Memory Dumps to Improve Similarity Score of Windows Modules Journal Article

In: Computers & Security, vol. 101, pp. 102119, 2021, ISSN: 0167-4048.

Tags: memory forensics, relocation, similarity digest algorithms, Windows

Martín-Pérez, Miguel; Rodríguez, Ricardo J.

Quantifying Paging on Recoverable Data from Windows User-Space Modules Inproceedings

In: Proceedings of the 12th EAI International Conference on Digital Forensics & Cyber Crime, Springer, 2021, (Accepted for publication. To appear).

Tags: digital forensics, malware, memory forensics, paging, Windows modules

Uroz, Daniel; Rodríguez, Ricardo J.

On Challenges in Verifying Trusted Executable Files in Memory Forensics Journal Article

In: Forensic Science International: Digital Investigation, vol. 32, pp. 300917, 2020.

Tags: Authenticode, code signing, digital signature verification, memory forensics, Volatility

Uroz, Daniel; Rodríguez, Ricardo J.

Characteristics and Detectability of Windows Auto-Start Extensibility Points in Memory Forensics Journal Article

In: Digital Investigation, vol. 28, pp. S95–S104, 2019, ISSN: 1742-2876.

Tags: Auto-start extensibility points, malware, memory forensics, System persistence, Volatility, Windows registry