Reading Time: < 1 minute

Show all

Fernández-Álvarez, Pedro; Rodríguez, Ricardo J.

Module Extraction and DLL Hijacking Detection via Single or Multiple Memory Dumps Journal Article

In: Forensic Science International: Digital Investigation, vol. 44, pp. 301505, 2023, ISSN: 2666-2817, (Accepted for publication. To appear. Selected Papers of the Tenth Annual DFRWS Europe Conference).

Abstract | Links | BibTeX | Tags: digital forensics, DLL hijacking, memory forensics, Volatility, Windows

Fernández-Álvarez, Pedro; Rodríguez, Ricardo J

Extraction and Analysis of Retrievable Memory Artifacts from Windows Telegram Desktop Application Journal Article

In: Forensic Science International: Digital Investigation, vol. 40, pp. 301342, 2022, ISBN: 2666-2817.

Abstract | Links | BibTeX | Tags: digital forensics, instant messaging, memory forensics, Telegram Desktop, Windows

Martín-Pérez, Miguel; Rodríguez, Ricardo J; Balzarotti, Davide

Pre-processing Memory Dumps to Improve Similarity Score of Windows Modules Journal Article

In: Computers & Security, vol. 101, pp. 102119, 2021, ISSN: 0167-4048.

Abstract | Links | BibTeX | Tags: memory forensics, relocation, similarity digest algorithms, Windows

Uroz, Daniel; Rodríguez, Ricardo J

Evaluation of the Executional Power in Windows using Return Oriented Programming Proceedings Article

In: Proceedings of the 15th IEEE Workshop on Offensive Technologies (WOOT), pp. 361–372, IEEE, 2021.

Abstract | Links | BibTeX | Tags: automatic exploit, evaluation, ROP chain, Turing-completeness, Windows

Rodríguez, Ricardo J; Martín-Pérez, Miguel; Abadía, Iñaki

A Tool to Compute Approximation Matching between Windows Processes Proceedings Article

In: Proceedings of the 2018 6th International Symposium on Digital Forensic and Security (ISDFS), pp. 313–318, 2018.

Abstract | Links | BibTeX | Tags: bytewise approximate matching, forensic memory analysis, Volatility, Windows