Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security
Virtual Reality (VR) has become a reality. With the technology's increased use cases, comes its misuse. Malware affecting the Virtual Environment (VE) may prevent an investigator from ascertaining virtual information from a physical scene, or from traditional “dead” analysis. Following the trend of antiforensics, evidence of an attack may only be found in memory, along with many other volatile data points. Our work provides the primary account for the memory forensics of Immersive VR systems, and in specific the HTC Vive. Our approach is capable of reconstituting artifacts from memory that are relevant to the VE, and is also capable of reconstructing a visualization of the room setup a VR player was immersed into. In specific, we demonstrate that the VE, location, state and class of VR devices can be extracted from memory. Our work resulted in the first open source VR memory forensics plugin for the Volatility Framework. We discuss our findings, and our replicable approach that may be used in future memory forensics research.
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Casey, Peter; Lindsay-Decusati, Rebecca; Baggili, Ibrahim; and Breitinger, Frank, "Inception: Virtual Space in Memory Space in Real Space" (2019). Electrical & Computer Engineering and Computer Science Faculty Publications. 92.
Casey, P., Lindsay-Decusati, R., Baggili, I., & Breitinger, F. (2019). Inception: Virtual Space in Memory Space in Real Space–Memory Forensics of Immersive Virtual Reality with the HTC Vive. Digital Investigation, 29, S13-S21.