Windows memory analysis issues and Linux memory analysis footnotes

Authors
  1. Carbone, R.
Corporate Authors
Defence Research and Development Canada, Valcartier Research Centre, Quebec QC (CAN)
Abstract
The purpose of this work was to identify and document the various issues that, in the opinion of the author, remain concerning Windows memory analysis. Minor Linux-specific memory analysis issues are also discussed. Too often, publicly available memory analysis case studies, analyses, books, guides and how-tos gloss over analysis problems, including current limitations, pitfalls and caveats. Finding documentation discussing these issues is problematic, as no single useful source could be found after multiple searches. Because of this, and based on the work already conducted by the author in his public and private memory analysis case studies, this report highlights and examines the more important remaining memory analysis issues. The author proposes a very short manual methodology for analysing damaged or corrupted memory images.

A French abstract is available here.

Keywords
Forensics
Report Number
DRDC-RDDC-2017-R004 — Scientific Report
Date of publication
01 Jan 2017
Number of Pages
30
DSTKIM No
CA044524
CANDIS No
805065
Format(s):
Electronic Document (PDF)
