The risk of security breaches is higher than ever and attackers are routinely breaking into corporate networks, government services, and critical infrastructures. As a result, it is not a matter of `if' a system will be compromised, but only a matter of `when' -- thus making the way we handle computer incidents and investigations of paramount importance.
Unfortunately, the forensics field still relies on a collection of best practices and a multitude of dedicated tools, without a proper scientific and theoretical foundation. In this talk I will discuss some of the limitation of the current approaches for Memory forensics. I will then present some of the recent contributions of my group in this area and use them to introduce my view on the future of memory forensics.
