Chapter 2 – Memory Forensics: Analyzing Physical and Process Memory Dumps for Malware Artifacts
[1] Heng Yin, et al. Renovo: a hidden code extractor for packed executables, 2007, WORM '07.
[2] Brendan Dolan-Gavitt, et al. Forensic analysis of the Windows registry in memory, 2008, Digit. Investig.
[3] Eoghan Casey, et al. Extracting Windows command line details from physical memory, 2010.
[4] Wenke Lee, et al. PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware, 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).
[5] Julian B. Grizzard, et al. Locating x86 paging structures in memory images, 2010, Digit. Investig.
[6] Mourad Debbabi, et al. Extraction of forensically sensitive information from windows physical memory, 2009, Digit. Investig.
[7] Brendan Dolan-Gavitt, et al. The VAD tree: A process-eye view of physical memory, 2007, Digit. Investig.
[8] William A. Arbaugh, et al. FATKit: A framework for the extraction and analysis of digital forensic data from volatile system memory, 2006, Digit. Investig.