Open Access
Issue
JNWPU
Volume 40, Number 3, June 2022
Page(s) 699 - 707
DOI https://doi.org/10.1051/jnwpu/20224030699
Published online 19 September 2022
  1. ALICIA F, ALASTAIR N. Forensic analysis and data recovery from water-submerged hard drives[J]. International Journal of Electronic Security and Digital Forensics, 2020, 13(2): 219–231 [Google Scholar]
  2. ZOLLNER S, CHOO K R, LE-KHAC N, et al. An automated live forensic and postmortem analysis tool for bitcoin on windows systems[J]. IEEE Access, 2019, 7: 158250–158263. [Article] [CrossRef] [Google Scholar]
  3. DIOGO B, TIAGO B, DAVID D, et al. Forensic analysis of communication records of messaging applications from physical memory[J]. Computers and Security, 2019, 86: 484–497. [Article] [CrossRef] [Google Scholar]
  4. ZHANG Yu, LIU Qingzhong, LI Tao, et al. Research and development of memory forensics[J]. Journal of Software, 2015, 26(5): 1151–1172. [Article] (in Chinese) [Google Scholar]
  5. ZHAI Jiqiang, XIAO Yajun, YANG Hailu, et al. Object scanning of Windows kernel driver based on pool tag quick scanning[J]. Journal of Northwestern Polytechnical University, 2019, 37(5): 1044–1052. [Article] (in Chinese) [CrossRef] [EDP Sciences] [Google Scholar]
  6. CHEN Zhifeng, LI Qingbao, ZHANG Ping, et al. Kernel integrity measurement method based on memory forensic[J]. Journal of Software, 2016, 27(9): 2443–2458. [Article] (in Chinese) [Google Scholar]
  7. AKABANE S, MIWA T, OKAMOTO T. An EAF guard driver to prevent shellcode from removing guard pages[J]. Procedia Computer Science, 2019, 159: 2432–2439 [Article] [CrossRef] [Google Scholar]
  8. YU Yongbin, YU Wenjian, MO Jiehong, et al. Research on detection of dynamic link library injected by static modifying import table of portable executable file[J]. Journal of University of Electronic Science and Technology of China, 2020, 49(6): 854–859 [Article] (in Chinese) [Google Scholar]
  9. GAVITT D. The VAD tree: a process-eye view of physical memory[J]. Digital Investigation, 2007, 4: 62–64. [Article] [CrossRef] [Google Scholar]
  10. WHITE A, SCHATZ B, FOO E. Surveying the user space through user allocations[J]. Digital Investigation, 2012, 9(suppl): 3–12 [Google Scholar]
  11. ZHAI Jiqiang, CHEN Pan, XU Xiao, et al. The memory forensic research oriented to segment heap in Windows 10 system[J]. Journal of Northwestern Polytechnical University, 2021, 39(5): 1139–1149. [Article] (in Chinese) [NASA ADS] [CrossRef] [EDP Sciences] [Google Scholar]
  12. OTSUKI Y, KAWAKOYA Y, IWAMURA M, et al. Building stack traces from memory dump of Windows x64[J]. Digital Investigation, 2018, 24(suppl): 101–110 [Google Scholar]
  13. MICROSOFT Documentation. Debugging using WinDbg preview[EB/OL]. (2010-01-16)[2021-06-08]. https://docs.microsoft.com/zh-cn/windows-hardware/drivers/debugger/debugging-using-windbg [Google Scholar]
  14. LIGH M, CASE A, LEVY J, et al. The art of memory forensics: detecting malware and threats in windows, linux, and macmemory[M]. New York: John Wily & Sons, Inc, 2014 [Google Scholar]
  15. Rekall memory forensic framework[EB/OL]. (2020-10-18)[2021-06-08]. https://github.com/google/rekall [Google Scholar]
  16. Microsoft Documentation. VMMap v3.31[EB/OL](2020-11-04)[2021-06-08]. https://docs.microsoft.com/en-us/sysinternals/down-loads/vmmap [Google Scholar]
  17. BLOCK F, DEWALD A. Memory forensics: detecting(un) intentionally hidden injected code by examining page table entries[J]. Digital Investigation, 2019, 29(suppl): 3–12 [Google Scholar]

Current usage metrics show cumulative count of Article Views (full-text article views including HTML views, PDF and ePub downloads, according to the available data) and Abstracts Views on Vision4Press platform.

Data correspond to usage on the plateform after 2015. The current usage metrics is available 48-96 hours after online publication and is updated daily on week days.

Initial download of the metrics may take a while.