Windows memory forensics

View Related Documents

Book Chapter
A Compiled Memory Analysis Tool
James Okolica and Gilbert Peterson
IFIP Advances in Information and Communication Technology, 2010, Volume 337, Advances in Digital Forensics VI, Pages 195-204
- Download PDF (126.5 KB)
Book Chapter
Implicit Detection of Hidden Processes with a Feather-Weight Hardware-Assisted Virtual Machine Monitor
Yan Wen, Jinjing Zhao, Huaimin Wang and Jiannong Cao
Lecture Notes in Computer Science, 2008, Volume 5107, Information Security and Privacy, Pages 361-375
- Download PDF (1.5 MB)
Book Chapter
Semiotics
Texts in Theoretical Computer Science. An EATCS Series, 2006, Software Engineering 2, Part IV, Pages 213-239
- Download PDF (2.0 MB)
Book Chapter
Timely Rootkit Detection During Live Response
Daniel Molina, Matthew Zimmerman, Gregory Roberts, Marnita Eaddie and Gilbert Peterson
IFIP International Federation for Information Processing, 2008, Volume 285, Advances in Digital Forensics IV, Pages 139-148
- Download PDF (209.8 KB)
Journal Article
Kernel rootkits implement and detection
Li Xianghe, Zhang Liancheng and Li Shuo
Wuhan University Journal of Natural Sciences, 2006, Volume 11, Number 6, Pages 1473-1476
- Download PDF (371.6 KB)
Book Chapter
To Tune or Not to Tune? Nobody Should Ask That Question
2009, Pro BizTalk 2009, Part 3, Pages 453-505
- Download PDF (665.7 KB)
Book Chapter
Live Communications Server Clients
2007, Pro LCS, Part 1, Pages 43-62
- Download PDF (788.1 KB)
Book Chapter
To Tune or Not to Tune? Nobody Should Ask That Question
2007, Pro BizTalk 2006, Part 3, Pages 421-455
- Download PDF (330.1 KB)
Book Chapter
ACCFS – Operating System Integration of Computational Accelerators Using a VFS Approach
Andreas Heinig, Jochen Strunk, Wolfgang Rehm and Heiko Schick
Lecture Notes in Computer Science, 2009, Volume 5453, Reconfigurable Computing: Architectures, Tools and Applications, Pages 374-379
- Download PDF (145.6 KB)
Journal Article
Dynamic Analysis of Malicious Code
Ulrich Bayer, Andreas Moser, Christopher Kruegel and Engin Kirda
Journal in Computer Virology, 2006, Volume 2, Number 1, Pages 67-77
- Download PDF (218.3 KB)

Abstract

This paper gives an overview of all known “live” memory collection techniques on a Windows system, and freely available memory analysis tools. Limitations and known anti-collection techniques will also be reviewed. Analysis techniques will be illustrated through some practical examples, drawn from past forensics challenges. This paper is forensics-oriented, but the information provided information will also be of interest to malware analysts fighting against stealth rootkits.

Fulltext Preview

Image of the first page of the fulltext document

Frequently asked questions General info on journals and books Send us your feedback Impressum Contact us

SpringerLink

Windows memory forensics

View Related Documents

Abstract

Fulltext Preview