'Dementia' Wipes Out Attacker Footprints in Memory

Sun, 01/06/2013 - 7:00pm

By Kelly Jackson Higgins

Forensics increasingly encompasses the analysis of potentially valuable clues and intelligence in the physical memory of an infected machine. But like anything in infosec, it's a constant cat-and-mouse game, with attackers finding new ways to hide their tracks in memory from incident response handlers trying to get to the bottom of a breach.

A researcher has developed a new tool called Dementia that cheats forensics tools that inspect an attacker's footprints in a Windows computer's memory. Dementia basically renders a phony image of the infected machine's memory as a way to hide evidence of an attacker's movements. The tool removes "specific artifacts from the memory or the image being created. While the image itself is correct — it can be analyzed — specific artifacts are not present, which can hide traces of attacker's activities," says Luka Milkovic, who developed the tool. Milkovic, who is an information security consultant with Croatia-based Infigo, recently demonstrated the tool at the CCC conference in Hamburg, Germany.


Source: Dark Reading

