SCOPUS 정보 검색 플랫폼 - 논문 보기

메뉴 건너뛰기

Digital Investigation

Volumn 4, Issue SUPPL., 2007, Pages 126-134

BodySnatcher: Towards reliable volatile memory acquisition by software

(1) Schatz, Bradley a

a Evimetry (Australia)

Author keywords

Digital forensics; Memory acquisition; Memory imaging; Volatile memory forensics

Indexed keywords

COMPUTER OPERATING SYSTEMS; IMAGING SYSTEMS; RELIABILITY THEORY; SECURITY OF DATA;

DIGITAL FORENSICS; MEMORY ACQUISITION; MEMORY IMAGING; VOLATILE MEMORY FORENSICS;

DATA STORAGE EQUIPMENT;

EID: 34447528955 PISSN: 17422876 EISSN: None Source Type: Journal
DOI: 10.1016/j.diin.2007.06.009 Document Type: Article

Times cited : (53)

References (22)

1
- 34447512079
- Aloni D. Cooperative Linux. In: Linux symposium, Ottawa, CA, 2004.

2
- 65249161004
- Boileau A. Hit by a bus: physical access attacks with Firewire (2006). [cited April 2007]. Available from:
- (2006) Hit by a bus: physical access attacks with Firewire
- Boileau, A.¹

3
- 34447541122
- Bilby D. Low down and dirty: anti-forensic rootkits (2006). [cited May 2007]. Available from:
- (2006) Low down and dirty: anti-forensic rootkits
- Bilby, D.¹

4
- 34447541281
- Becher M., Dornseif M., and Klein C.N. FireWire: all your memory are belong to us (2005). [cited April 2007]. Available from:
- (2005) FireWire: all your memory are belong to us
- Becher, M.¹ Dornseif, M.² Klein, C.N.³

5
- 21644433634
- Barham P, Dragovic B, Fraser K, Hand, S, Harris T, et al. Xen and the art of virtualization. In: ACM symposium on operating systems principles, Bolton Landing, NY; 2003.

6
- 3042731401
- A hardware-based memory acquisition procedure for digital investigations
- Carrier B.D., and Grand J. A hardware-based memory acquisition procedure for digital investigations. J Digit Investig 1 1 (2004)
- (2004) J Digit Investig , vol.1 , Issue.1
- Carrier, B.D.¹ Grand, J.²

7
- 3042727237
- Practical approaches to recovering encrypted digital evidence
- Casey E. Practical approaches to recovering encrypted digital evidence. Int J Digit Evid 1 3 (2002)
- (2002) Int J Digit Evid , vol.1 , Issue.3
- Casey, E.¹

8
- 34447551547
- Carvey H. lsproc released (2006). [cited April 2007]. Available from:
- (2006) lsproc released
- Carvey, H.¹

9
- 84868383441
- DFRWS. Memory analysis challenge (2005). [cited April 2007]. Available from:
- (2005) Memory analysis challenge
- DFRWS¹

10
- 3042765009
- Pearson Education
- Drake C., and Brown K. PANIC! UNIX system crash dump analysis handbook (1995), Pearson Education
- (1995) PANIC! UNIX system crash dump analysis handbook
- Drake, C.¹ Brown, K.²

11
- 27644554446
- Addison Wesley Professional
- Farmer D., and Venema W. Forensic discovery (2004), Addison Wesley Professional
- (2004) Forensic discovery
- Farmer, D.¹ Venema, W.²

12
- 3042769757
- Garner G.M. Forensic acquisition utilities (2006). [cited April 2007]. Available from:
- (2006) Forensic acquisition utilities
- Garner, G.M.¹

13
- 34447518454
- Goyal V, Biederman EW, Nellitheertha H. Kdump, a kexec-based kernel crash dumping mechanism. In: Linux symposium, Ottowa, CA, 2005.

14
- 34447516640
- Garner G.M. Overview of kntlist analysis tool (2005). [cited April 2007]. Available from:
- (2005) Overview of kntlist analysis tool
- Garner, G.M.¹

15
- 77952258309
- MicroSoft. Windows feature lets you generate a memory dump file by using the keyboard (2007). [cited April 2007]. Available from:
- (2007) Windows feature lets you generate a memory dump file by using the keyboard
- MicroSoft¹

16
- 33751342034
- FATKit: a framework for the extraction and analysis of digital forensic data from volatile system memory
- Petroni N.L., et al. FATKit: a framework for the extraction and analysis of digital forensic data from volatile system memory. Digit Investig 3 4 (2006)
- (2006) Digit Investig , vol.3 , Issue.4
- Petroni, N.L.¹

17
- 77952255373
- Rutlowska J. Beyond the CPU: cheating hardware based RAM forensics (2007). [cited April 2007]. Available from:
- (2007) Beyond the CPU: cheating hardware based RAM forensics
- Rutlowska, J.¹

18
- 35048889034
- Volatile memory computer forensics to detect kernel level compromise
- p. 158-70
- Ring S., and Cole E. Volatile memory computer forensics to detect kernel level compromise. Lecture notes in Computer Science (2004) p. 158-70
- (2004) Lecture notes in Computer Science
- Ring, S.¹ Cole, E.²

19
- 50849097989
- Schuster A. Searching for processes and threads in Microsoft Windows memory dumps. In: Digital forensics workshop (DFRWS), 2006.

20
- 77952405499
- [cited 23 May 2007]. Available from:
- Sparks S., and Butler J. Shadow walker: raising the bar for Windows rootkit detection. [cited 23 May 2007]. Available from: (2005).
- (2005) Shadow walker: raising the bar for Windows rootkit detection
- Sparks, S.¹ Butler, J.²

21
- 34447539179
- Vidstrom A. Memory dumping with NTSystemDebugControl (2006). [cited April 2007]. Available from:
- (2006) Memory dumping with NTSystemDebugControl
- Vidstrom, A.¹

22
- 34447554701
- Vidstrom A. Forensic memory dumping intricacies - PhysicalMemory, DD, and caching issues (2006). [cited April 2007]. Available from:
- (2006) Forensic memory dumping intricacies - PhysicalMemory, DD, and caching issues
- Vidstrom, A.¹

* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.