Memory Tracing: Forensic Reverse Engineering

Presented at REcon 2014, June 28, 2014, 5 p.m. (60 minutes)

*Memory tracing* is an entirely novel reverse engineering technique that we have developed and used over the last couple of years. In a nutshell, the technique consists of a *recorder*, which records RAM snapshots of an instrumented system (running the target software to be reverse engineered) at a high frequency (up to 100 snapshots per second), and an *analysis toolchain*, which processes and visualizes the recorded snapshots to reverse engineer the behavior of the target. Memory tracing allows for various novel reverse engineering techniques, and in some cases simplifies and speeds up or automates existing ones.
