Windows memory analysis issues and Linux memory analysis footnotes
- Authors
- Corporate Authors
- Defence Research and Development Canada, Valcartier Research Centre, Quebec QC (CAN)
- Abstract
- The purpose of this work was to identify and document the various issues that, in the opinion of the author, remain concerning Windows memory analysis. Minor Linux-specific memory analysis issues are also discussed. Too often, publicly available memory-analysis case studies, analyses, books, guides and how-tos gloss over analysis problems, including current limitations, pitfalls and caveats. Finding documentation discussing these issues is problematic, as no single useful source could be found after multiple searches. Because of this, and based on the work already conducted by the author in his public and private memory analysis case studies, this report highlights and examines the more important remaining memory analysis issues. The author proposes a very short manual methodology for analysing damaged or corrupted memory images.
- Keywords
- Forensics
- Report Number
- DRDC-RDDC-2017-R004 — Scientific Report
- Date of publication
- 01 Jan 2017
- Number of Pages
- 30
- DSTKIM No
- CA044524
- CANDIS No
- 805065
- Format(s):
- Electronic Document (PDF)