The risk of security breaches is now higher than ever, and attackers routinely break into corporate networks, government services, and even critical infrastructure. As a result, it is no longer a matter of "if" a system will be compromised, but only of "when", which makes the way we handle computer incidents and investigations of paramount importance.
Unfortunately, the forensics field still relies on a collection of best practices and a multitude of dedicated tools without a proper scientific and theoretical foundation. In this talk, I will discuss the current approach to memory forensics, its limitations, and possible solutions.
The talk will not be a tutorial on memory forensics, but it will focus instead on the research conducted in the field by using some of our recent contributions in this area to discuss open challenges and future directions.
Davide Balzarotti is a full Professor and head of the Digital Security department at EURECOM. He received his Ph.D. from Politecnico di Milano in 2006, and his research interests include most aspects of system security, particularly binary and malware analysis, reverse engineering, digital forensics, and web security. Davide has authored more than 100 publications in leading conferences and journals. He has been the Program Chair of USENIX Security 2024, ACSAC 2017, RAID 2012, and EuroSec 2014. In 2017, Davide received an ERC Consolidator Grant for his research in the analysis of compromised systems. Davide is also a member of the "Order of the Overflow" team that organizes the DEF CON CTF competition.