Research on Memory Forensics Techniques for the Windows Operating System (cited by: 2)

Study of Memory Forensics Technology Oriented to Windows Operating System
Abstract: Traditional computer forensics methods collect media that store data persistently, such as the disks of the attacked computer. However, with the growth of disk storage capacity and the development of techniques such as data encryption, acquiring data for analysis with the forensic methods originally designed for hard disks has become increasingly difficult. Computer forensics has therefore begun to draw on other data sources, including the volatile information held in computer memory. This paper introduces the main memory acquisition and analysis methods for the Windows operating system and the memory forensics process, compares the characteristics, advantages and shortcomings of each method through analysis and comparison, presents the results of that comparison, and identifies the directions that future research in memory forensics for computer crime needs to pursue.

English abstract: Traditional methods of forensic acquisition focus on the persistent data held on the disks or hard disks of the attacked computers. However, with the growing use of encryption routines and the rapidly increasing storage capacity of hard drives, it is very difficult to obtain data in time with the original methods, which are meant for persistent data. So in the field of computer forensics, people have started to change the data source and focus on the volatile information in RAM. This paper describes the prevailing methods of memory acquisition and analysis and the process of memory forensics. It explains the characteristics of each method and gives its advantages and disadvantages. Finally, it summarizes these methods and gives some suggestions for the future of computer forensics.
Source: Computer Engineering (《计算机工程》), CAS, CSCD, 2014, No. 8, pp. 310-317 (8 pages)
Funding: National Natural Science Foundation of China project (61100198); National "973" Program project (2010CB327903)
Keywords: cybercrime; computer forensics; memory forensics; memory acquisition; memory analysis; volatile information; process of memory forensics