메뉴 건너뛰기
Digital Investigation
Volumn 5, Issue SUPPL., 2008, Pages
The impact of Microsoft Windows pool allocation strategies on memory forensics
Author keywords

Microsoft Windows; Pool memory; Process Persistence; Volatile data
Indexed keywords

LAKES;
EID: 48949095226     PISSN: 17422876     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.diin.2008.05.007     Document Type: Article
Times cited : (33)
References (17)
  • 2
    • 27644554446 scopus 로고    scopus 로고
    • Addison Wesley Professional, Upper Saddle River, NJ, USA
    • Farmer D., and Venema W. Forensic discovery (2005), Addison Wesley Professional, Upper Saddle River, NJ, USA
    • (2005) Forensic discovery
    • Farmer, D.1    Venema, W.2
  • 3
    • 48949088183 scopus 로고    scopus 로고
    • [accessed 01.01.08]
    • fuzen_op. FU Rootkit (2005). [accessed 01.01.08]
    • (2005)
  • 4
    • 48949095670 scopus 로고    scopus 로고
    • IndigoSTAR, Mississauga, Ontario, Canada [accessed 01.03.08]
    • IndigoSTAR Software. Perl2Exe (August 2007), IndigoSTAR, Mississauga, Ontario, Canada. [accessed 01.03.08]
    • (2007) Perl2Exe
    • IndigoSTAR Software1
  • 5
    • 84868559900 scopus 로고    scopus 로고
    • Memory allocator attack and defense
    • [accessed 01.03.08]
    • Johnson R. Memory allocator attack and defense. ToorCon Seattle (May 2007). [accessed 01.03.08]
    • (2007) ToorCon Seattle
    • Johnson, R.1
  • 7
    • 84868531210 scopus 로고    scopus 로고
    • Microsoft Corporation, Redmond [accessed 01.03.08]
    • Microsoft Corporation. ExAllocatePoolWithTag (2008), Microsoft Corporation, Redmond. [accessed 01.03.08]
    • (2008) ExAllocatePoolWithTag
    • Microsoft Corporation1
  • 9
    • 33745993901 scopus 로고    scopus 로고
    • Searching for processes and threads in Microsoft Windows memory dumps
    • 10.1016/j.diin.2006.06.010
    • Schuster A. Searching for processes and threads in Microsoft Windows memory dumps. Digital Investigation 3 suppl. 1 (September 2006) 10-16 10.1016/j.diin.2006.06.010
    • (2006) Digital Investigation , vol.3 , Issue.SUPPL. 1 , pp. 10-16
    • Schuster, A.1
  • 10
    • 85135141322 scopus 로고    scopus 로고
    • Pool allocations as an information source in windows memory forensics
    • IT-incident management & IT-forensics - IMF 2006. Göbel O., Schadt D., Frings S., Hase H., Günther D., and Nedon J. (Eds)
    • Schuster A. Pool allocations as an information source in windows memory forensics. In: Göbel O., Schadt D., Frings S., Hase H., Günther D., and Nedon J. (Eds). IT-incident management & IT-forensics - IMF 2006. Lecture notes in informatics vol. P-97 (18 October 2006) 104-115
    • (2006) Lecture notes in informatics , vol.P-97 , pp. 104-115
    • Schuster, A.1
  • 13
    • 48949092293 scopus 로고    scopus 로고
    • How to exploit Windows kernel memory pool
    • [accessed 01.03.08]
    • SoBeIt. How to exploit Windows kernel memory pool. XCon (August 2005). [accessed 01.03.08]
    • (2005) XCon
    • SoBeIt1
  • 14
    • 34447517356 scopus 로고    scopus 로고
    • User data persistence in physical memory
    • 10.1016/j.diin.2007.03.002
    • Solomon J., Huebner E., Bem D., and Szeżynska M. User data persistence in physical memory. Digital Investigation 4 2 (2007) 68-72 10.1016/j.diin.2007.03.002
    • (2007) Digital Investigation , vol.4 , Issue.2 , pp. 68-72
    • Solomon, J.1    Huebner, E.2    Bem, D.3    Szezynska, M.4
  • 15
    • 84868537737 scopus 로고    scopus 로고
    • VMware, Inc., Palo Alto, CA, USA [accessed 01.03.08]
    • VMware, Inc. VMware products (2008), VMware, Inc., Palo Alto, CA, USA. [accessed 01.03.08]
    • (2008) VMware products
    • VMware,, Inc.1
  • 16
    • 74049091891 scopus 로고    scopus 로고
    • Volatools: integrating volatile memory forensics into the digital investigation process
    • [accessed 01.03.08]
    • Walters A., and Petroni N.L. Volatools: integrating volatile memory forensics into the digital investigation process. BlackHat DC (February 2007). [accessed 01.03.08]
    • (2007) BlackHat DC
    • Walters, A.1    Petroni, N.L.2

* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.