Memory Tracing: Forensic Reverse Engineering

Presented at REcon 2014, June 28, 2014, 5 p.m. (60 minutes).

*Memory tracing* is an entirely novel reverse engineering technique, which we have developed and used over the last couple of years. In a nutshell, the technique consists of a *recorder* which records RAM snapshots of an instrumented system - running the target software to be reverse engineered - with a high frequency (up to 100 snapshots per second), and an *analysis toolchain* which processes and visualizes the recorded snapshots to reverse engineer the behavior of the target. Memory tracing allows for various novel reverse engineering techniques, and in some cases simplifies and speeds up or automates existing ones.

Presenters:

Links:

Similar Presentations: