메뉴 건너뛰기
Journal of Computers
Volumn 5, Issue 4, 2010, Pages 541-548
Memory forensics for QQ from a live system
Author keywords

Instant messaging; Memory analysis; Memory forensics; Microsoft windows; The qq client
Indexed keywords

INSTANT MESSAGING; MEMORY ANALYSIS; MICROSOFT WINDOWS; PAGING FILE; SENSITIVE INFORMATIONS;
EID: 78651525326     PISSN: 1796203X     EISSN: None     Source Type: Journal    
DOI: 10.4304/jcp.5.4.541-548     Document Type: Article
Times cited : (16)
References (17)
  • 1
    • 33745171808 scopus 로고    scopus 로고
    • An examination into MSN Messenger 7.5 contact identification
    • June
    • Dickson M. An examination into MSN Messenger 7.5 contact identification. Digital Investigation Volume 3, Issue 2, June 2006, Pages 79-83.
    • (2006) Digital Investigation , vol.3 , Issue.2 , pp. 79-83
    • Dickson, M.1
  • 2
    • 33750369860 scopus 로고    scopus 로고
    • An examination into Yahoo Messenger 7.0 contact identification
    • September
    • Dickson M. An examination into Yahoo Messenger 7.0 contact identification. Digital Investigation, Volume 3, Issue 3, September 2006, Pages 159-165.
    • (2006) Digital Investigation , vol.3 , Issue.3 , pp. 159-165
    • Dickson, M.1
  • 3
    • 33751336113 scopus 로고    scopus 로고
    • An examination into AOL Instant Messenger 5.5 contact identification
    • December
    • Dickson M. An examination into AOL Instant Messenger 5.5 contact identification. Digital Investigation, Volume 3, Issue 4, December 2006, Pages 227-237.
    • (2006) Digital Investigation , vol.3 , Issue.4 , pp. 227-237
    • Dickson, M.1
  • 4
    • 33847252861 scopus 로고    scopus 로고
    • An examination into Trillian basic 3.x contact identification
    • March
    • Dickson M. An examination into Trillian basic 3.x contact identification. Digital Investigation, Volume 4, Issue 1, March 2007, Pages 36-45.
    • (2007) Digital Investigation , vol.4 , Issue.1 , pp. 36-45
    • Dickson, M.1
  • 5
    • 34447338569 scopus 로고    scopus 로고
    • Forensic artefacts left by Windows Live Messenger 8.0
    • June
    • van Dongen Wouter S. Forensic artefacts left by Windows Live Messenger 8.0. Digital Investigation, Volume 4, Issue 2, June 2007, Pages 73-87.
    • (2007) Digital Investigation , vol.4 , Issue.2 , pp. 73-87
    • van Dongen, W.S.1
  • 6
    • 40849095638 scopus 로고    scopus 로고
    • Forensic artefacts left by Pidgin Messenger 2.0
    • September-December
    • Wouter S. van Dongen. Forensic artefacts left by Pidgin Messenger 2.0. Digital Investigation, Volume 4, Issues 3-4, September-December 2007, Pages 138-145.
    • (2007) Digital Investigation , vol.4 , Issue.3-4 , pp. 138-145
    • van Dongen, W.S.1
  • 7
    • 48749118027 scopus 로고    scopus 로고
    • Forensic memory analysis: Files mapped in memory
    • September
    • R.B. van Baar, W. Alink, A.R. van Ballegooij. Forensic memory analysis: Files mapped in memory. Digital Investigation, Volume 5, Issues 1-2, September 2008, Pages 34-48.
    • (2008) Digital Investigation , vol.5 , Issue.1-2 , pp. 34-48
    • van Baar, R.B.1    Alink, W.2    van Ballegooij, A.R.3
  • 8
    • 48949095226 scopus 로고    scopus 로고
    • The impact of Microsoft Windows pool allocation strategies on memory forensics
    • September
    • Andreas Schuster. The impact of Microsoft Windows pool allocation strategies on memory forensics. Digital Investigation Volume 5, Supplement 1, September 2008, Pages S58-S64.
    • (2008) Digital Investigation , vol.5 , Issue.SUPPL. 1
    • Schuster, A.1
  • 10
    • 78651524455 scopus 로고    scopus 로고
    • Win32dd - a free kernel land and 100% open -source tool to acquire physical memory
    • Win32dd - a free kernel land and 100% open -source tool to acquire physical memory. http://win32dd.msuiche.net/.
  • 11
    • 78651524849 scopus 로고    scopus 로고
    • Microsoft. Windows feature lets you generate a memory dump file by using the keyboard
    • Microsoft. Windows feature lets you generate a memory dump file by using the keyboard.
  • 13
  • 14
    • 33847398384 scopus 로고    scopus 로고
    • Using every part of the buffalo in windows memory analysis
    • Kornblum Jesse D. Using every part of the buffalo in windows memory analysis. Digital Investigation 2007;4:24-9.
    • (2007) Digital Investigation , vol.4 , pp. 24-29
    • Kornblum, J.D.1
  • 15
    • 33745993901 scopus 로고    scopus 로고
    • Searching for processes and threads in Microsoft windows memory dumps
    • Schuster Andreas. Searching for processes and threads in Microsoft windows memory dumps. Digital Investigation 2006;3; 10-6
    • (2006) Digital Investigation , vol.3 , pp. 10-16
    • Andreas, S.1
  • 16
    • 84870791824 scopus 로고    scopus 로고
    • Rich Text Format (RTF), version 1.6
    • Rich Text Format (RTF) Specification, version 1.6 http://msdn.microsoft.com/en-us/library/aa140277.aspx.
    • Specification
  • 17
    • 68749122104 scopus 로고    scopus 로고
    • Collecting Sensitive Information from Windows Physical Memory
    • January
    • Qian Zhao, Tianjie Cao. Collecting Sensitive Information from Windows Physical Memory, Journal of Computer, pp. 3-10, Volume 4, Number 1, January 2009.
    • (2009) Journal of Computer , vol.4 , Issue.1 , pp. 3-10
    • Zhao, Q.1    Cao, T.2

* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.