TY - JOUR
T1 - The impact of GPU-assisted malware on memory forensics: A case study
AU - Balzarotti, Davide
AU - Di Pietro, Roberto
AU - Villani, Antonio
N1 - Generated from Scopus record by KAUST IRTS on 2023-09-20
PY - 2015/8/1
Y1 - 2015/8/1
N2 - Abstract In this paper we assess the impact of GPU-assisted malware on memory forensics. In particular, we first introduce four different techniques that malware can adopt to hide its presence. We then present a case study on a very popular family of Intel GPUs, and we analyze in which cases the forensic analysis can be performed using only the host's memory and in which cases it requires access to the GPU's memory. Our analysis shows that, by offloading some computation to the GPUs, it is possible to successfully hide some malicious behavior. Furthermore, we provide suggestions and insights about which artifacts could be used to detect the presence of GPU-assisted malware.
AB - Abstract In this paper we assess the impact of GPU-assisted malware on memory forensics. In particular, we first introduce four different techniques that malware can adopt to hide its presence. We then present a case study on a very popular family of Intel GPUs, and we analyze in which cases the forensic analysis can be performed using only the host's memory and in which cases it requires access to the GPU's memory. Our analysis shows that, by offloading some computation to the GPUs, it is possible to successfully hide some malicious behavior. Furthermore, we provide suggestions and insights about which artifacts could be used to detect the presence of GPU-assisted malware.
UR - https://linkinghub.elsevier.com/retrieve/pii/S1742287615000559
UR - http://www.scopus.com/inward/record.url?scp=84938981935&partnerID=8YFLogxK
U2 - 10.1016/j.diin.2015.05.010
DO - 10.1016/j.diin.2015.05.010
M3 - Article
SN - 1742-2876
VL - 14
SP - S16-S24
JO - Digital Investigation
JF - Digital Investigation
IS - S1
ER -