Exploration of In-Memory Analytics

Kristine Monteith | 20-ERD-053

Executive Summary

The goal of this project is to expand our knowledge of computer memory usage and to use that knowledge to develop approaches and algorithms that enable a robust defense against memory-based cyberattacks. Our contribution will be a body of research that will provide a basis for the development of in-memory cyberdefense strategies to protect U.S. government systems.

Publications, Presentations, and Patents

Monteith, Kristine, Mark DeSantis, Seth Lyles, Hannah Nyholm, and Claire Taylor. “MNEMOSYNE: Exploration of Memory-Based Analytics for Cyber Threats.” In Classified Conference 9/30/2020. LLNL-PRES-826875.

Battisti, Chris, Hannah Nyholm, and Kristine Monteith. “Seeing the Cyber-Defense Forest Through the Process Trees.” In Classified Conference 11/4/2020. LLNL-PRES-816122.

Monteith, Kristine. “Embedding Virtual Address Descriptor (VAD) Trees.” In Government Sponsor Workshop Outbrief 11/10/2020. LLNL-PRES-826876.

Monteith, Kristine, Mark DeSantis, Seth Lyles, Hannah Nyholm, Claire Taylor, and Micaela Gallegos. “Embedding Virtual Address Descriptor (VAD) Trees.” In LLNL Workshop Outbrief 2/12/2021.

Nyholm, Hannah. “Volatile Memory Forensics: A Survey.” In Malware Technical Exchange Meeting 7/14/2021. LLNL-CONF-824108.

Monteith, Kristine. “Exploration of Memory-Based Analytics for Cyber Threats.” In Malware Technical Exchange Meeting 7/15/2021. LLNL-POST-826888.

Lyles, Seth. Open-source code contribution to the Volatility memory forensics project. https://github.com/volatilityfoundation/volatility

Lyles, Seth. Open-source code contribution to the minidump parsing project. https://github.com/skelsec/minidump