At ZeroNights 2019, Matt Suiche will deliver a talk titled “From Memory Forensics to Cloud Memory Analysis”.
Matt Suiche is the founder of memory analysis start-up Comae Technologies and cyber-security conference OPCDE. Prior to founding Comae, he was the co-founder & Chief Scientist of the application virtualization start-up CloudVolumes, which was acquired by VMware in 2014. His previous employers also include the Netherlands Forensics Institute and Airbus. Matt is also on the review board of Shakacon, OffensiveCon, BlueHat IL and BlackHat USA.
Matt is best known for his memory forensics work. His most notable research contributions include Windows hibernation file analysis and Mac OS X physical memory analysis.
Memory has long been subject to many eyes, from both offensive and defensive sides — from fileless malware to debugging and troubleshooting through memory inspection. It is becoming more and more common to encounter servers with terabytes of memory, and also, with containers, to spin up and shut down temporary servers from which only plain-text logs are collected. And this is without mentioning hybrid servers like Windows with WSL (Windows Subsystem for Linux) enabled.
A lot of very exciting things are being rolled out by cloud providers, but they are also creating blind spots from a monitoring point of view. Let’s explore together how memory integrity can be used as a more robust form of logging than plain-text logs for those new scenarios.