期刊文献+
共找到1篇文章
< 1 >
每页显示 20 50 100
Hidden Process Offline Forensic Based on Memory Analysis in Windows 被引量:1
1
作者 CUI Jingsong ZHANG Heng +2 位作者 QI Jing PENG Rong ZHANG Manli 《Wuhan University Journal of Natural Sciences》 CAS CSCD 2017年第4期346-354,共9页
Malicious software programs usually bypass the detection of anti-virus software by hiding themselves among apparently legitimate programs.In this work,we propose Windows Virtual Machine Introspection(WVMI)to accurat... Malicious software programs usually bypass the detection of anti-virus software by hiding themselves among apparently legitimate programs.In this work,we propose Windows Virtual Machine Introspection(WVMI)to accurately detect those hidden processes by analyzing memory data.WVMI dumps in-memory data of the target Windows operating systems from hypervisor and retrieves EPROCESS structures’address of process linked list first,and then generates Data Type Confidence Table(DTCT).Next,it traverses the memory and identifies the similarities between the nodes in process linked list and the corresponding segments in the memory by utilizing DTCT.Finally,it locates the segments of Windows’EPROCESS and identifies the hidden processes by further comparison.Through extensive experiments,our experiment shows that the WVMI detects the hidden process with high identification rate,and it is independent of different versions of Windows operating system. 展开更多
关键词 virtual machine introspection hidden process detection process linked list memory forensics
原文传递
上一页 1 下一页 到第
使用帮助 返回顶部