Volatile memory computer forensics to detect kernel level compromise

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 3269, Issue , 2004, Pages 158-170

  Ring, Sandra ^a   Cole, Eric ^a  

^a Sytex Group Inc   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER FORENSICS; COMPUTER OPERATING SYSTEMS; DATA STORAGE EQUIPMENT; HARD DISK STORAGE; LINUX;

DIGITAL EVIDENCE; HARD DRIVES; KERNEL MODIFICATIONS; KERNEL MODULES; NON-VOLATILE MEMORY; VOLATILE MEMORY;

DIGITAL STORAGE;

EID: 35048889034     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-30191-2_13     Document Type: Article

References (9)

1. EnCase Enterprise Edition, Detailed Product Description. Nov 2003. http://www.guidancesoftware.com/corporate/whitepapers/downloads/encase416.pdf
2. Steps for Recovering from a UNIX or NT System Compromise. Technical Report, CERT Coordination Center, April 2000. http://www.cert.org/tech_tips/win- UNIX-system_compromise.html
3. United States Secret Service: Best Practices for Seizing Electronic Evidence. http://www.treas.gov/usss/electronic_evidence.shtml
4. United States Supreme Court. Daubert v. Merrell Dow Pharmaceuticals Syllabus. June 28, 1993.
5. Carrier, B., Grand, J., A Hardware-Based Memory Acquisition Procedure for Digital Investigations, Digital Investigation, Vol. 1, Issue 1 (2004), 50-60.
6. Prosise, C., Mandia, K., Pepe, M., Incident Response and Computer Forensics, McGraw-Hill Osborne Media, 2 edition (2003).
7. Ring, S., Cole, E., Detecting and Dealing with New Rootkits. Sys Admin Magazine, Aug (2003) 28-33.
8. Ring, S., Cole, E., Taking a Lesson from Stealthy Rootkits, IEEE Security & Privacy, Vol. 2 Issue 4 (2004) 38-45.
9. Rose., C., Windows Live Incident Response Volatile Data Collection: Non-disruptive User and System Memory Forensics Analysis. http:/www.sytexif.com/ whitepaper.htm