Open Access
Volume 37, Number 5, October 2019
Page(s) 1044 - 1052
Published online 14 January 2020
  1. Amrita H, Wonjun L. Hiding Kernel Level Rootkits Using Buffer Overflow and Return Oriented Programming[J]. Information Systems Security, 2017, (10717): 107–126
  2. Wang Ning, Liu Zhijun, Mai Yonghao. Windows RootKit Detection and Forensics[J]. Netinfo Security, 2012, (2): 51–52 (in Chinese)
  3. Lan Yun, Li Baolin. The Digital Investigation and Forensics of Trojan Malware[J]. Netinfo Security, 2014, (5): 87–91 (in Chinese)
  4. Schuster A. Pool Allocations as an Information Source in Windows Memory Forensics[J]. IMF, 2006: 104–115
  5. Cohen M. Characterization of the Windows Kernel Version Variability for Accurate Memory Analysis[J]. Digital Investigation, 2015, 12(1): 38–49
  6. Stüttgen J, Cohen M. Anti-Forensic Resilient Memory Acquisition[J]. Digital Investigation, 2013, 10: 105–115
  7. Stüttgen J, Vömel S, Denzel M. Acquisition and Analysis of Compromised Firmware Using Memory Forensics[J]. Digital Investigation, 2015, 12(1): S50–S60
  8. Joe T Sylve, Vico M, Golden G R. Pool Tag Quick Scanning for Windows Memory Analysis[J]. Digital Investigation, 2016, 16(suppl): S25–S32
  9. Schuster A. The Impact of Microsoft Windows Pool Allocation Strategies on Memory Forensics[J]. Digital Investigation, 2008, 5: S58–S64
  10. Cohen M. Scanning Memory with Yara[J]. Digital Investigation, 2017, 20: 34–43
  11. Solomon David A Russinovich. Windows Internals Part 2 (Developer Reference)[M]. Beijing, Posts & Telecom Press, 2012, 213 (in Chinese)
  12. Ligh M, Case A, Levy J. The Art of Memory Forensics[M]. Indianapolis, John Wiley & Sons, 2014: 142–146
  13. Quynh N A, Takefuji Y. Towards a Tamper-Resistant Kernel Rootkit Detector[C]//Proceedings of the 2007 ACM Symposium on Applied Computing, Seoul, Korea, 2007: 276–283
  14. Wangtong L, Senlin L, Yu L, Limin P, Qamas S. A Kernel Stack Protection Model against Attacks from Kernel Execution Units[J]. Computers & Security, 2018, 72: 96–106
  15. Choi W, Park J, Byeon J. Dual-Mode Kernel Rootkit Scan and Recovery with Process ID Brute-Force[J]. Advanced Science Letters, 2017, 23(3): 1568–1572
  16. Zhang Yi. Windows Driver Library To Parse And Development[D]. Dalian, Dalian University of Technology, 2012
  17. Chow J, Pfaff B, Garfinkel T, et al. Shredding Your Garbage: Reducing Data Lifetime through Secure Deallocation[J]. Usenix Security, 2005, 14: 22–22
  18. Cohen M. Rekall Forensics blog: Adding Rekall's Windows 10 Support[EB/OL]. (2015-06-10)[2018-09-27].
  19. Wu T, Disso J, Jones K. Towards a SCADA Forensics Architecture[C]//Proceedings of the 1st International Symposium on ICS & SCADA Cyber Security Research, 2013: 12–21
