
Document Type

Conference Proceeding

Publication Date



Static memory analysis has proven to be a valuable technique for digital forensics. However, the memory capture technique halts the system, causing the loss of important dynamic system data. As a result, live analysis techniques have emerged to complement static analysis. In this paper, a compiled memory analysis tool for virtualization (CMAT-V) is presented as a virtual machine introspection (VMI) utility to conduct live analysis during simulated cyber attacks. CMAT-V leverages static memory dump analysis techniques to provide live system state awareness. CMAT-V parses an arbitrary memory dump from a simulated guest operating system (OS) to extract user information, network usage, active process information and registry files. Unlike some VMI applications, CMAT-V bridges the semantic gap using derivation techniques. This provides increased operating system compatibility for current and future operating systems. This research demonstrates the usefulness of CMAT-V as a situational awareness tool during simulated cyber attacks and measures the overall performance of CMAT-V.


AFIT Scholar furnishes an accepted manuscript of this conference paper.

Conference published by The Society for Modeling and Simulation International, in cooperation with SIGSIM: ACM Special Interest Group on Simulation and Modeling.

The published version of record is available through subscription at ACM using the handle link in the DOI field.

Shared in accordance with ACM's green open access policies found at their website.

Source Publication

2010 Summer Computer Simulation Conference (SCSC 10)