Memory analysis gains a weight in the area of computer live forensics.How to get network connection information is one of the challenges in memory analysis and plays an important role in identifying sources of malicio...Memory analysis gains a weight in the area of computer live forensics.How to get network connection information is one of the challenges in memory analysis and plays an important role in identifying sources of malicious cyber attack. It is more difficult to fred the drivers and get network connections information from a 64-bit windows 7 memory image file than from a 32-bit operating system memory image f'de. In this paper, an approach to fred drivers and get network connection information from 64-bit windows 7 memory images is given. The method is verified on 64-bit windows 7 version 6.1.7600 and proved reliable and efficient.展开更多
基金This work is supported by the National Natural Science Foundation of China(61070163) and Shandong Natural Science Foundation (Y2008G35).
文摘Memory analysis gains a weight in the area of computer live forensics.How to get network connection information is one of the challenges in memory analysis and plays an important role in identifying sources of malicious cyber attack. It is more difficult to fred the drivers and get network connections information from a 64-bit windows 7 memory image file than from a 32-bit operating system memory image f'de. In this paper, an approach to fred drivers and get network connection information from 64-bit windows 7 memory images is given. The method is verified on 64-bit windows 7 version 6.1.7600 and proved reliable and efficient.
