
Security - News

http://crypto-world.info


06 / 2005
Selected for you by: TR - Tomáš Rosa, JP - Jaroslav Pinkava, PV - Pavel Vondruška, VK - Vlastimil Klíma

Forensic analysis of physical memory

27.06.2005
Mariusz Burdach: Digital forensics of the physical memory.

Abstract:
This paper presents methods by which physical memory from a compromised machine can be analyzed. Through these methods, it is possible to extract useful information from memory such as: the full content of files, detailed information about each process, and also processes that were being executed and were then terminated in the past. This paper aims to explain the concepts of digital investigations of volatile memory. Techniques covered by this paper will lead you through the process of analyzing important structures and recovering the contents of files from physical memory. In addition, a technique that detects hidden User Mode processes will be discussed in depth. This technique makes it possible to detect processes which can be hidden by using various methods such as: function hooking or direct kernel object manipulation (DKOM). Based on the methods discussed in this paper, a proof-of-concept toolkit, called idetect, will be presented. This toolkit can help an investigator to extract information from a memory image or from a memory object on a live system.
Source: http://forensic.seccure.net/pdf/mburdach_digital_forensics_of_physical_memory.pdf
Author: JP
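The abstract's key idea for finding DKOM-hidden processes is a cross-view comparison: walk the kernel's process list (the view a hooked API returns) and separately signature-scan the raw memory image for process structures, then diff the two. The following is an added illustration written for this news item, not code from Burdach's paper or the idetect toolkit; the 32-byte block layout, the `Proc` tag and the sample process table are constructed for the example and do not mirror any real kernel structure.

```python
import struct

# Toy process block (constructed for this example, not a real kernel layout):
# tag(4) | pid(4) | name(16) | flink(4) | blink(4); flink/blink are offsets into the image
BLOCK = struct.Struct("<4sI16sII")
TAG = b"Proc"

def set_link(image, off, flink=None, blink=None):
    tag, pid, name, f, b = BLOCK.unpack_from(image, off)
    BLOCK.pack_into(image, off, tag, pid, name,
                    f if flink is None else flink, b if blink is None else blink)

def build_image(procs, hide_index=None):
    """Write process blocks into a byte image, link them into a circular
    doubly linked list, then optionally unlink one block the way DKOM hiding does."""
    n, size = len(procs), BLOCK.size
    image = bytearray(n * size)
    for i, (pid, name) in enumerate(procs):
        BLOCK.pack_into(image, i * size, TAG, pid, name.encode().ljust(16, b"\0"),
                        ((i + 1) % n) * size, ((i - 1) % n) * size)
    if hide_index is not None:
        # Neighbours now point past the victim; its bytes remain in memory untouched.
        prev_i, next_i = (hide_index - 1) % n, (hide_index + 1) % n
        set_link(image, prev_i * size, flink=next_i * size)
        set_link(image, next_i * size, blink=prev_i * size)
    return bytes(image)

def walk_list(image, head=0):
    """The list-walk view: follow flink from the head until the list wraps around."""
    pids, off = [], head
    while True:
        _, pid, _, flink, _ = BLOCK.unpack_from(image, off)
        pids.append(pid)
        off = flink
        if off == head:
            return pids

def scan_image(image):
    """The investigator's view: signature-scan the raw image for every block,
    linked or not."""
    pids, pos = [], image.find(TAG)
    while pos != -1:
        pids.append(BLOCK.unpack_from(image, pos)[1])
        pos = image.find(TAG, pos + 1)
    return pids

def hidden_pids(image):
    """Cross-view diff: anything the scan finds that the list walk does not."""
    return sorted(set(scan_image(image)) - set(walk_list(image)))

# Constructed sample process table; index 2 is the one we unlink.
SAMPLE = [(4, "System"), (612, "lsass.exe"), (1337, "rootkit.exe"), (2048, "explorer.exe")]

if __name__ == "__main__":
    img = build_image(SAMPLE, hide_index=2)
    print("list walk:", walk_list(img), "raw scan:", scan_image(img), "hidden:", hidden_pids(img))
```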

