Research Article
Network Connections Information Extraction of 64-Bit Windows 7 Memory Images
@INPROCEEDINGS{10.1007/978-3-642-23602-0_8,
  author={Lianhai Wang and Lijuan Xu and Shuhui Zhang},
  title={Network Connections Information Extraction of 64-Bit Windows 7 Memory Images},
  proceedings={Forensics in Telecommunications, Information, and Multimedia. Third International ICST Conference, e-Forensics 2010, Shanghai, China, November 11-12, 2010, Revised Selected Papers},
  proceedings_a={E-FORENSICS},
  year={2012},
  month={10},
  keywords={computer forensics computer live forensics memory analysis digital forensics},
  doi={10.1007/978-3-642-23602-0_8}
}
- Lianhai Wang
- Lijuan Xu
- Shuhui Zhang
Year: 2012
E-FORENSICS
Springer
DOI: 10.1007/978-3-642-23602-0_8
Abstract
Memory analysis is a key element of computer live forensics. Obtaining the status information of network connections is one of the difficulties of memory analysis, and it plays an important role in identifying attack sources. It is more difficult to find the drivers and get network connection information from a 64-bit Windows 7 memory image file than from a 32-bit operating system memory image file. In this paper, we describe the approaches to find drivers and get network connection information from Windows 7 memory images. This method is reliable and efficient. It is verified on Windows version 6.1.7600.
Copyright © 2010–2024 ICST