کد مقاله | کد نشریه | سال انتشار | مقاله انگلیسی | نسخه تمام متن |
---|---|---|---|---|
458235 | 696122 | 2007 | 12 صفحه PDF | دانلود رایگان |
عنوان انگلیسی مقاله ISI
Forensic memory analysis: From stack and code to execution history
دانلود مقاله + سفارش ترجمه
دانلود مقاله ISI انگلیسی
رایگان برای ایرانیان
کلمات کلیدی
موضوعات مرتبط
مهندسی و علوم پایه
مهندسی کامپیوتر
شبکه های کامپیوتری و ارتباطات
پیش نمایش صفحه اول مقاله
چکیده انگلیسی
Forensics memory analysis has recently gained great attention in cyber forensics community. However, most of the proposals have focused on the extraction of important kernel data structures such as executive objects from the memory. In this paper, we propose a formal approach to analyze the stack memory of process threads to discover a partial execution history of the process. Our approach uses a process logic to model the extracted properties from the stack and then verify these properties against models generated from the program assembly code. The main focus of the paper is on Windows thread stack analysis though the same idea is applicable to other operating systems.
ناشر
Database: Elsevier - ScienceDirect (ساینس دایرکت)
Journal: Digital Investigation - Volume 4, Supplement, September 2007, Pages 114–125
Journal: Digital Investigation - Volume 4, Supplement, September 2007, Pages 114–125
نویسندگان
Ali Reza Arasteh, Mourad Debbabi,