A method to extract information of network connection status information from physical memory on Windows Vista operating system is proposed. Using this method, a forensic examiner can extract accurately the informatio...A method to extract information of network connection status information from physical memory on Windows Vista operating system is proposed. Using this method, a forensic examiner can extract accurately the information of current TCP/ IP network connection information, including IDs of processes which established connections, establishing time, local address, local port, remote address, remote port, etc., from a physical memory on Windows Xflsta operating system. This method is reliable and efficient. It is verified on Windows Vista, Windows Vista SP1, Windows Vista SP2.展开更多
In the past decades several theoretical Maxwell's demon models have been proposed to exhibit effects such as refrigerating, doing work at the cost of information, and some experiments have been carried out to realize...In the past decades several theoretical Maxwell's demon models have been proposed to exhibit effects such as refrigerating, doing work at the cost of information, and some experiments have been carried out to realize these effects. We propose a model with a two-level demon, information represented by a sequence of bits, and two heat reservoirs. The reservoir that the demon is interacting with depends on the bit. When the temperature difference between the two heat reservoirs is large enough, the information can be erased. On the other hand, when the information is pure enough, heat transfer from one reservoir to the other can happen, resulting in the effect of refrigeration. Genuine examples of such a system are discussed.展开更多
基金This work is supported by the National Natural Science Foundation of China (61070163) and Shandong Natural Science Foundation (Y2008G35).
文摘A method to extract information of network connection status information from physical memory on Windows Vista operating system is proposed. Using this method, a forensic examiner can extract accurately the information of current TCP/ IP network connection information, including IDs of processes which established connections, establishing time, local address, local port, remote address, remote port, etc., from a physical memory on Windows Xflsta operating system. This method is reliable and efficient. It is verified on Windows Vista, Windows Vista SP1, Windows Vista SP2.
基金Supported by the National Basic Research Program of China under Grant No 2013CB921800the National Natural Science Foundation of China under Grant Nos 11227901,91021005,11104262,31470835,21233007,21303175,21322305,11374305 and 11274299the Strategic Priority Research Program(B)of the Chinese Academy of Sciences under Grant Nos XDB01030400 and 01020000
文摘In the past decades several theoretical Maxwell's demon models have been proposed to exhibit effects such as refrigerating, doing work at the cost of information, and some experiments have been carried out to realize these effects. We propose a model with a two-level demon, information represented by a sequence of bits, and two heat reservoirs. The reservoir that the demon is interacting with depends on the bit. When the temperature difference between the two heat reservoirs is large enough, the information can be erased. On the other hand, when the information is pure enough, heat transfer from one reservoir to the other can happen, resulting in the effect of refrigeration. Genuine examples of such a system are discussed.