The Influence of Virtual Secure Mode (VSM) on Memory Acquisition

Cahyani, Niken Dwi Wahyu; Jadied, Erwid Musthofa; Rahman, Nazneen; Ariyanto, Endro

doi:10.14569/ijacsa.2022.0131163

Cited by 2 publications

(4 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These figs implies that the FTK Imager application is running smoothly without any problem found in the operating system. Different between this study, the latest research by Niken [6], it shows that this application cannot run properly in Windows 10 while VSM environment being turned on.…”

Section: System Analysiscontrasting

confidence: 85%

“…Other than Autopsy, the experiment on FTK Imager shows that the tools running smoothly for both versions. It leads to comparing this experiment with research by Niken [6], because the result on FTK Imager is different with this study. System analysis method is being applied on FTK Imager and shows that the difference between the edition of Windows 10 can cause different occurrence in the safe mode.…”

Section: Discussionmentioning

confidence: 65%

“…This study is continuing the research being done by Niken [6]. The purpose is for identifying any new variables that comes up to the related issues.…”

Section: Literature Reviewmentioning

confidence: 83%

“…Research related to this study is being done by Niken [6]. The research shows that FTK Imager cannot run properly on the device being used.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Static Code Analysis on The Effect of Virtual Secure Mode on Memory Acquisition with IDA

Adryana,

Cahyani,

Jadied

2023

ijoict

View full text Add to dashboard Cite

Memory acquisition process is one of digital forensics act. There are several tools that support memory acquisition process. At this time, there is a feature named secure mode that can caused crash or error in memory acquisition tools system and caused the tools to be unusable, also the loss of the computer memory. This research is focusing on analyzing the acquisition tools that has error or crash when the device that is being used for memory acquisition is in secure mode. The analysis is being carried out using static code analysis method, which is one of the techniques of reverse engineering, using IDA. This study aims to find the cause of the crash or error in memory acquisition tools. The purpose of this study is to be useful for digital forensic tester in understanding the potential risk of the secure mode impact in acquisition process. The results of this study indicate that different operating system and different kernel which runs in the device are the reasons that memory acquisition tools cannot run properly on VSM environment being turned on.

show abstract