Reading Time: < 1 minute

Show all

Fernández-Álvarez, Pedro; Rodríguez, Ricardo J.

Module Extraction and DLL Hijacking Detection via Single or Multiple Memory Dumps Journal Article

In: Forensic Science International: Digital Investigation, vol. 44, pp. 301505, 2023, ISSN: 2666-2817, (Accepted for publication. To appear. Selected Papers of the Tenth Annual DFRWS Europe Conference).

Abstract | Links | BibTeX | Tags: digital forensics, DLL hijacking, memory forensics, Volatility, Windows

Uroz, Daniel; Rodríguez, Ricardo J

On Challenges in Verifying Trusted Executable Files in Memory Forensics Journal Article

In: Forensic Science International: Digital Investigation, vol. 32, pp. 300917, 2020.

Abstract | Links | BibTeX | Tags: Authenticode, code signing, digital signature verification, memory forensics, Volatility

Uroz, Daniel; Rodríguez, Ricardo J

Characteristics and Detectability of Windows Auto-Start Extensibility Points in Memory Forensics Journal Article

In: Digital Investigation, vol. 28, pp. S95–S104, 2019, ISSN: 1742-2876.

Abstract | Links | BibTeX | Tags: Auto-start extensibility points, malware, memory forensics, System persistence, Volatility, Windows registry

Rodríguez, Ricardo J; Martín-Pérez, Miguel; Abadía, Iñaki

A Tool to Compute Approximation Matching between Windows Processes Proceedings Article

In: Proceedings of the 2018 6th International Symposium on Digital Forensic and Security (ISDFS), pp. 313–318, 2018.

Abstract | Links | BibTeX | Tags: bytewise approximate matching, forensic memory analysis, Volatility, Windows