The impact of GPU-assisted malware on memory forensics: A case study

Davide Balzarotti, Roberto Di Pietro, Antonio Villani

Research output: Contribution to journal, Article, peer-review

11 Scopus citations

Abstract

In this paper we assess the impact of GPU-assisted malware on memory forensics. In particular, we first introduce four different techniques that malware can adopt to hide its presence. We then present a case study on a very popular family of Intel GPUs, and we analyze in which cases the forensic analysis can be performed using only the host's memory and in which cases it requires access to the GPU's memory. Our analysis shows that, by offloading some computation to the GPUs, it is possible to successfully hide some malicious behavior. Furthermore, we provide suggestions and insights about which artifacts could be used to detect the presence of GPU-assisted malware.

Original language: English (US)
Pages (from-to): S16-S24
Journal: Digital Investigation
Volume: 14
Issue number: S1
State: Published - Aug 1 2015
Externally published: Yes

ASJC Scopus subject areas

  • Medical Laboratory Technology
  • Law
  • Computer Science Applications
