Identifying the unknown in user space memory
Date(s) | 2013 |
---|---|
Abstract | This thesis is a study of how the contents of volatile memory on the Windows operating system can be better understood and utilised for the purposes of digital forensic investigations. It proposes several techniques to improve the analysis of memory, with a focus on improving the detection of unknown code such as malware. These contributions allow the creation of a more complete reconstruction of the state of a computer at acquisition time, including whether or not the computer has been infected by malicious code. |
Format | application/pdf |
Identifier | |
Publisher | Queensland University of Technology |
Relation | http://eprints.qut.edu.au/64181/1/Andrew_White_Thesis.pdf White, Andrew J. (2013) Identifying the unknown in user space memory. PhD thesis, Queensland University of Technology. |
Source | School of Electrical Engineering & Computer Science; Institute for Future Environments; Science & Engineering Faculty |
Keywords | #Memory Forensics #User Space Memory #Malware Detection #Windows #Digital Forensics |
Type | Thesis |