Forensic analysis of physical memory
27.06.2005 Mariusz Burdach: Digital forensics of the physical memory.
Abstract:
This paper presents methods by which the physical memory of a compromised machine can be analyzed. Through these methods it is possible to extract useful information from memory, such as the full contents of files, detailed information about each process, and even processes that were executed and then terminated in the past. This paper aims to explain the concepts of digital investigation of volatile memory. The techniques covered will lead you through the process of analyzing important structures and recovering the contents of files from physical memory.
In addition, a technique that detects hidden user-mode processes will be discussed in depth. This technique detects processes that have been hidden by various methods, such as function hooking or direct kernel object manipulation (DKOM).
Based on the methods discussed in this paper, a proof-of-concept toolkit, called idetect, will be presented. This toolkit can help an investigator extract information from a memory image or from a memory object on a live system.
Source: http://forensic.seccure.net/pdf/mburdach_digital_forensics_of_physical_memory.pdf
Author: JP