February 09, 2012

Detection of Hidden Bare-Metal Hypervisors, Russian Thesis


Here is my Russian thesis in PDF and DOCX formats.

Here are my recent research papers:

Korkin, I. (2018, May 17-18). Hypervisor-Based Active Data Protection for Integrity and Confidentiality of Dynamically Allocated Memory in Windows Kernel. Paper presented at the Proceedings of the 13th annual Conference on Digital Forensics, Security and Law (CDFSL), University of Texas at San Antonio (UTSA), San Antonio, Texas. Retrieved from https://commons.erau.edu/adfsl/2018/presentations/13/, source code, demos, slides, and paper

Korkin, I., & Tanda, S. (2017, May 15-16). Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access. Paper presented at the Proceedings of the 12th annual Conference on Digital Forensics, Security and Law (CDFSL), Embry-Riddle Aeronautical University, Daytona Beach, Florida, USA. Retrieved from commons.erau.edu/adfsl/2017/papers/5/, slides, video, and source code

Tanda, S., & Korkin, I. (2016, June 17-19). Monitoring & controlling kernel-mode events by HyperPlatform. Paper presented at the REcon conference, Montreal, Canada 47-82. slides and code

Korkin, I., & Nesterow, I. (2016, May 24-26). Acceleration of Statistical Detection of Zero-day Malware in the Memory Dump Using CUDA-enabled GPU Hardware. Paper presented at the Proceedings of the 11th annual Conference on Digital Forensics, Security and Law (CDFSL), Embry-Riddle Aeronautical University, Daytona Beach, Florida, USA, pp. 47-82. slides and speech

Update 07/16/2015 - Best Paper Award
Korkin, I. (2015, September). Two Challenges of Stealthy Hypervisors Detection: Time Cheating and Data Fluctuations. Journal of Digital Forensics, Security and Law, Vol 10, No 2, pp 7-38. Retrieved from http://ojs.jdfsl.org/index.php/jdfsl/article/view/337, slides, video, and source code

Korkin, I. (2015, May 18-21). Two Challenges of Stealthy Hypervisors Detection: Time Cheating and Data Fluctuations. Paper presented at the Proceedings of the 10th Annual Conference on Digital Forensics, Security and Law (CDFSL), 33-57, Embry-Riddle Aeronautical University, Daytona Beach, Florida, USA. Retrieved from http://proceedings.adfsl.org/index.php/CDFSL/article/view/128/125, slides, video, and source code

Korkin, I., & Nesterov, I. (2014, May 28-29). Applying Memory Forensics to Rootkit Detection. Paper presented at the Proceedings of the 9th annual Conference on Digital Forensics, Security and Law (CDFSL), 115-141, Richmond, VA, USA. slides+video