Linux memory forensics: Dissecting the user space process heap
Authors
Abstract
Similar resources
Linux Memory Forensics: Dissecting the User Space Process Heap
The analysis of memory during a forensic investigation is often an important step to reconstruct events. While prior work in this field has mostly concentrated on information residing in the kernel space (process lists, network connections, and so on) and in particular on the Microsoft Windows operating system, this work focuses on Linux user space processes as they might also contain valuable ...
Linux Memory Forensics: Searching For Processes
Physical memory is a useful information source in a forensic examination, but the research on memory forensics is still in the early stage. Once the processes are located, computer forensic personnel can acquire the opened files and the network connections via further processing. This paper proposed methods of searching for process descriptors in a Linux dump file. Our experiments show that our met...
iPoJ: User-Space Sandboxing for Linux 2.4
The Internet is a dangerous place. Both naïve and educated users routinely become infected with viruses and accidentally run spyware despite widespread knowledge of such risks and how to avoid them. Clearly, user education is a dead-end. Another approach is to finely limit what different applications can do so that viruses and malware can't do any damage in the first place. We observed that sys...
Volatools: Integrating Volatile Memory Forensics into the Digital Investigation Process
In this work, we demonstrate the integral role of volatile memory analysis in the digital investigation process and how that analysis can be used to help address many of the challenges facing the digital forensics community. We also provide a look at some of the shortcomings of existing approaches to live response. Finally, we provide the technical details for extracting in-memory cryptographic...
PULSE: a Pluggable User-space Linux Security Environment paper
The discretionary access controls (DAC) employed by traditional operating systems only provide system administrators and users with a loose ability to specify the security policies of the system. In contrast, mandatory access controls (MAC) provide a stronger, finer-grained mechanism for specifying and enforcing system security policies. A related security concept called the principle of least ...
Journal
Journal title: Digital Investigation
Year: 2017
ISSN: 1742-2876
DOI: 10.1016/j.diin.2017.06.002