The field of computer forensics seeks to help investigators
reconstruct what happened during a computer intrusion.
How did the attacker break in? What havoc did he/she
wreak after breaking in? Tools that help investigators answer
these types of questions are still relatively primitive and
are often hindered by incomplete or incorrect information.
In this talk, I describe how virtual machines can enable more
powerful forensic analysis by replaying a computer's instruction
stream. I then describe how to use the ability to replay
an instruction stream to enable reverse debugging of intrusions
and bugs. Finally, I describe a particular forensic tool
called BackTracker, which creates a high-level, cause-and-effect
graph of how an intrusion occurred.
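One way to build such a cause-and-effect graph, shown here as an added illustration rather than BackTracker's own code: start from a detection point (an object and the time it was observed in a suspicious state), then walk backward through a log of OS-level dependency events, keeping only events that happened before the state in question. The event log, object labels and operation names below are constructed for the example.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    t: int      # logical time of the event
    src: str    # object whose state flows into `sink`
    sink: str   # object whose state is affected
    kind: str   # dependency-causing operation (fork, read, write, ...)


# Constructed sample log, not captured from a real system: sshd forks a shell,
# the shell downloads a file and reads it, then the shell edits /etc/passwd.
# An unrelated cron job also writes /tmp/x, but only after the shell read it.
EVENTS = [
    Event(1, "proc:init", "proc:sshd", "fork"),
    Event(2, "proc:init", "proc:cron", "fork"),
    Event(3, "proc:sshd", "proc:bash", "fork"),
    Event(4, "file:/var/log/syslog", "proc:cron", "read"),
    Event(5, "proc:bash", "proc:wget", "fork"),
    Event(6, "proc:wget", "file:/tmp/x", "write"),
    Event(7, "file:/tmp/x", "proc:bash", "read"),
    Event(8, "proc:bash", "file:/etc/passwd", "write"),
    Event(9, "proc:cron", "file:/tmp/x", "write"),
]


def backtrack(events, obj, until):
    """Backward dependency search from the detection point (obj, until).

    An event can have influenced `obj` only if its sink is `obj` and it
    happened no later than `until`; the event's source then matters only
    up to the time of that event, which prunes later, unrelated activity.
    Returns the set of graph edges (src, sink, kind, time)."""
    by_sink = {}
    for e in events:
        by_sink.setdefault(e.sink, []).append(e)
    edges = set()
    seen = {(obj, until)}
    queue = deque([(obj, until)])
    while queue:
        cur, limit = queue.popleft()
        for e in by_sink.get(cur, []):
            if e.t > limit:
                continue  # happened after the state we care about
            edges.add((e.src, e.sink, e.kind, e.t))
            state = (e.src, e.t)
            if state not in seen:
                seen.add(state)
                queue.append(state)
    return edges


def involved_objects(edges):
    """Objects that appear anywhere in the backtracked graph."""
    return {o for src, sink, _, _ in edges for o in (src, sink)}


if __name__ == "__main__":
    graph = backtrack(EVENTS, "file:/etc/passwd", 8)
    for src, sink, kind, t in sorted(graph, key=lambda e: e[3]):
        print(f"t={t}: {src} --{kind}--> {sink}")
```

Running it yields a six-edge chain from init through sshd, bash and wget to /etc/passwd; the cron job and its late write to /tmp/x are excluded because they could not have influenced the detected state.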