Open Access
Issue |
JNWPU
Volume 39, Number 5, October 2021
|
|
---|---|---|
Page(s) | 1139 - 1149 | |
DOI | https://doi.org/10.1051/jnwpu/20213951139 | |
Published online | 14 December 2021 |
- Mosli R, Li R, Yuan B, et al. Automated malware detection using artifacts in forensic memory images[C]//2016 IEEE Symposium on Technologies for Homeland Security, 2016: 1–4 [Google Scholar]
- Zhang Yu, Liu Qingzhong, Li Dao, et al. Memory forensics research and progress[J]. Journal of Software, 2015, 26(5) : 1151–1172 [Article] (in Chinese) [Google Scholar]
- Block F, Dewald A. Linux memory forensics: dissecting the user space process heap[J]. Digital Investigation, 2017, 8: 66–75 [Google Scholar]
- Zhang J F, Chengyuan E, Hu A Q. A method of android application forensics based on heap memory analysis[C]//Proceedings of 2nd International Conference on Computer Science and Application Engineering, 2018: 1–5 [Google Scholar]
- Cohen M. Forensic analysis of windows user space applications through heap allocations[C]//3rd IEEE International Workshop on Security and Forensics in Communication Systems, 2015: 1138–1145 [Google Scholar]
- Ligh H M, Case A, Levy J, et al. The art of memory forensics: detecting malware and threats in windows, linux, and mac memory[M]. USA: John Wily & Sons, Inc, 2014 [Google Scholar]
- Mark V Y. Windows 10 segment heap internals[EB/OL]. (2016-05-18)[2020-03-04]. https://www.blackhat.com/docs/us-16/materials/us-16-Yason-Windows-10-Segment-Heap-Internals-wp.pdf [Google Scholar]
- Schuster A. Searching for processes and threads in microsoft windows memory dumps[J]. Digital Investigation, 2006, 3: 10–16. [Article] [CrossRef] [Google Scholar]
- Zhai Jiqiang, Xiao Yajun, Yang Hailu, et al. Windows kernel driven object scanning based on memory pool marking fast scanning technology[J]. Journal of Northwest Polytechnic University, 2019, 37(5) : 1044–1052. [Article] [Article] (in Chinese) [CrossRef] [EDP Sciences] [Google Scholar]
- Schuster A. The impact of microsoft windows pool allocation strategies on memory forensics[J]. Digital Investigation, 2008, 5: 58–64. [Article] [Google Scholar]
- Freiling F, Tobias G, Latzo T, et al. Advances in forensic data acquisition[J]. IEEE Design & Test, 2018, 35(5) : 63–74 [CrossRef] [Google Scholar]
- Luuc V D H, Choo K K R, Le-Khac N A. Process memory investigation of the bitcoin clients electrum and bitcoin core[J]. IEEE Access, 2017, 5: 22385–22398. [Article] [CrossRef] [Google Scholar]
- Singh A, Sharma P, Nath R. Role of hibernation file in memory forensics of windows 10[J]. International Journal of Scientific & Engineering Research, 2016, 7(12) : 42–47 [Google Scholar]
- Lewis Nathan, Case Andrew, Ali-Gombe Aisha, et al. Memory forensics and the windows subsystem for linux[J]. Digital Investigation, 2018, 26 (suppl 1): 3–11 [Google Scholar]
- Li Zhankui. Code injection attack detection method based on memory dump analysis[D]. Xi'an: Xi'an University of Electronic Science and Technology, 2019 (in Chinese) [Google Scholar]
- Socaia A, Cohen M. Automatic profile generation for live linux memory analysis[J]. Digital Investigation, 2016, 16: 11–24. [Article] [Google Scholar]
Current usage metrics show cumulative count of Article Views (full-text article views including HTML views, PDF and ePub downloads, according to the available data) and Abstracts Views on Vision4Press platform.
Data correspond to usage on the plateform after 2015. The current usage metrics is available 48-96 hours after online publication and is updated daily on week days.
Initial download of the metrics may take a while.