Symposium sur la sécurité des technologies de l'information et des communications

The risk of security breaches is higher than ever and attackers are routinely breaking into corporate networks, government services, and critical infrastructures. As a result, it is not a matter of `if' a system will be compromised, but only a matter of `when' -- thus making the way we handle computer incidents and investigations of paramount importance.

Unfortunately, the forensics field still relies on a collection of best practices and a multitude of dedicated tools, without a proper scientific and theoretical foundation. In this talk I will discuss some of the limitation of the current approaches for Memory forensics. I will then present some of the recent contributions of my group in this area and use them to introduce my view on the future of memory forensics.