[1] B. D. Carrier and J. Grand, "A hardware-based memory acquisition procedure for digital investigations," Digital Investigation, vol. 1, pp. 50-60, February 2004.
[2] M. Burdach, "Finding digital evidence in physical memory," presented at 2006 Black Hat Federal Conference, Sheraton Crystal City, Washington DC, January 2006.
[3] CAIDA Analysis of Code-Red. (2001). [Online]. Available: http://www.caida.org/research/security/code-red/.
[4] SQL Slammer worm propagation. (2003). [Online]. Available: http://xforce.iss.net/xforce/xfdb/11153.
[5] NIST Special Publication 800-61, Computer Security Incident Handling Guide, 2008. [Online]. Available: http://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800-61rev1.pdf.
[6] RFC 3227 standard of evidence collection, Guidelines for Evidence Collection and Archiving. [Online]. Available: http://tools.ietf.org/html/rfc3227.
[7] Incident Handling Step-by-Step and Computer Crime Investigation, in Security 504 Hacker Techniques, Exploits, and Incident Handling. SANS Institute, 2008.
[9] C. Waits, J. Akinyele, R. Nolan, and L. Rogers, "Computer forensics: results of live response inquiry vs. memory image analysis," CERT program, CMU/SEI-2008-TN-017, August 2008.
[10] A. Case, L. Marziale, C. Neckar, and G. Richard, "Treasure and tragedy in kmem-cache mining for live forensics investigation," Digital Investigation, vol. 7, pp. S32-S40, 2010.
[11] A. Case, L. Marziale, and G. Richard, "Dynamic recreation of kernel data structures for live forensics," Digital Investigation, vol. 7, pp. S41-S47, 2010.
[12] J. M. Urrea, "An Analysis of Linux Ram Forensics," M.S. thesis, Dept. Computer science, Naval Postgraduate School, March 2006.
[13] M. Burdach, "Digital Forensics of the Physical Memory," unpublished, March 2005. [Online]. Available: http://strony.aster.pl/forensics/pdf/mburdach-digital-forensics-of-physical-memory.pdf.
[14] A. Case, A. Cristina, L. Marziale, G. Richard, and V. Roussev, "FACE: Automated digital evidence discovery and correlation," Digital Investigation, vol. 5, pp. S65-S75, 2008.
[15] Digital Forensics Solutions. [Online]. Available: http://dfsforensics.blogspot.com/2011/03/bringing-linux-support-to-volatility.html.
[16] Red Hat Crash Utility. [Online]. Available: http://people.redhat.com/Anderson/crash-whitepaper/.
[17] Net Analysis, Digital Detective. [Online]. Available: http://www.digital-detectiv.co.uk/netanalysis.asp.
[18] Access Date, Decryption and Password Cracking Software. [Online]. Available: http://accessdata.com/products/computer-forensics/decryption.
[20] D. Farmer and W. Venema, "Beyond processes," in Forensic Discovery, 1st ed. Addison-Wesley, 2004, ch. 8, pp. 161-185.
[21] DFRWS 2008 Forensics Challenge Results. [Online]. Available: http://www.dfrws.org/2008/challenge/results.shtml.
[22] DFRWS 2005 Forensics Challenge. [Online]. Available: http://www.dfrws.org/2005/challenge/.
[23] A. Walters and N. Petroni, "Volatools: integrating volatile memory forensics into the digital investigation process," Black Hat DC 2007, February 2007.
[24] Volatile Systems website. [Online]. Available: https://www.Volatilesystems.com/default/volatility#overview.