Windows Memory Analysis Based on KPCR

机译：基于KPCR的Windows内存分析

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

This paper briefiy introduces the challenges facing collection of volatile data in a target computer. Resons to favor physical memory analysis are also given. After describing the related work of the memory analysis, details of a windows memory analysing method are given through which it is possible to extract useful information, such as running processes, current network connections, file contents, etc., from a memory image. The method is based on a data structure in windows known as Kernel Processor Control Region, or KPCR. Besides, details of address translation from virtual address to physical address are thoroughly discussed and an algorithm of address translation for practice is given. This method is verified on Windows XP SP2, Windows 2003 Server SP2 and Windows Vista Home Basic.

机译：本文简要介绍了目标计算机中易失性数据收集所面临的挑战。还提供了支持物理内存分析的方法。在描述了内存分析的相关工作之后，给出了Windows内存分析方法的详细信息，通过该方法可以从内存映像中提取有用的信息，例如运行进程，当前网络连接，文件内容等。该方法基于称为内核处理器控制区域或KPCR的窗口中的数据结构。此外，还详细讨论了从虚拟地址到物理地址的地址转换的细节，并给出了一种实用的地址转换算法。在Windows XP SP2，Windows 2003 Server SP2和Windows Vista Home Basic上已验证此方法。

著录项

来源
《The Fifth International Conference on Information Assurance and Security(第五届信息保障与安全国际会议）论文集》|2009年|677-680|共4页
会议地点 Xian(CN);Xian(CN)
作者
Ruichao Zhang; Lianhai Wang; Shuhui Zhang;
展开▼
作者单位

Shandong Computer Science Center 19 Keyuan Road,Jinan 250014,P.R.China;

Shandong Computer Science Center 19 Keyuan Road,Jinan 250014,P.R.China;

Shandong Computer Science Center 19 Keyuan Road,Jinan 250014,P.R.China;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类信息处理（信息加工）;
关键词
computer forensics; memory analysis; KPCR; address translation;

机译：计算机取证;内存分析; KPCR;地址转换;

相似文献

外文文献
中文文献
专利

1. Evaluation of the new Siemens kPCR PLX (R) Herpes Simplex virus 1 and 2 (HSV) and kPCR PLX (R) Varicella-Zoster virus (VZV) DNA assays. Comparison analysis with the HSV1/2, VZV R-gene (R) qualitative assay from bioMerieux [J] . Vazquez S., Saez E., Martin M. D., Journal of clinical virology: The official publication of the Pan American Society for Clinical Virology . 2015,第Null期

机译：新的西门子kPCR PLX（R）单纯疱疹病毒1和2（HSV）和kPCR PLX（R）水痘带状疱疹病毒（VZV）DNA分析的评估。使用bioMerieux的HSV1 / 2，VZV R基因（R）定性分析进行比较分析
2. Memory Allocation for Window-Based Image Processing on Multiple Memory Modules with Simple Addressing Functions [J] . Hasitha Muthumala WAIDYASOORIYA, Masanori HARIYAMA, Michitaka KAMEYAMA IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences . 2011,第1期

机译：具有简单寻址功能的多个内存模块上基于窗口的图像处理的内存分配
3. Postischemic fish oil treatment restores long-term retrograde memory and dendritic density: An analysis of the time window of efficacy [J] . Bacarin Cristiano Correia, Godinho Jaqueline, Weffort de Oliveira Rubia Maria, Behavioural Brain Research: An International Journal . 2016,第Null期

机译：缺血后鱼油治疗可恢复长期逆行记忆和树突密度：疗效时间窗分析
4. Windows Memory Analysis Based on KPCR [C] . Ruichao Zhang, Lianhai Wang, Shuhui Zhang International Conference on Information Assurance and Security . 2009

机译：基于KPCR的Windows内存分析
5. Analysis of Windows memory for forensic investigations. [D] . Hejazi, Seyed Mahmood. 2009

机译：分析Windows内存以进行法医调查。
6. Memory Window and Endurance Improvement of Hf0.5Zr0.5O2-Based FeFETs with ZrO2 Seed Layers Characterized by Fast Voltage Pulse Measurements [O] . Wenwu Xiao, Chen Liu, Yue Peng, 2019

机译：具有快速电压脉冲测量特性的ZrO2种子层的基于Hf0.5Zr0.5O2的FeFET的存储窗口和耐久性的提高
7. Windows Volatile Memory Forensics Based on Correlation Analysis [O] . Xiaolu Zhang, Liang Hu, Shinan Song, 2014

机译：基于相关分析的Windows易失性存储器取证
8. Forensically Robust Memory Image Acquisition Protocol Based on Windows Memory Analysis. [R] . De La Cruz, J. R., Duffany, J. 2012

机译：基于Windows内存分析的法医鲁棒记忆图像采集协议。

Windows Memory Analysis Based on KPCR

摘要

著录项

相似文献

相关主题

期刊订阅