Administration: Ministry of Industry and Information Technology of the People's Republic of China
Sponsored by: Posts & Telecom Press Co., Ltd.
Published by: China InfoCom Media Group
ISSN 2096-109X CN 10-1366/TP
Successive memory image analysis method for malicious codes
Wei-ming LI 1, De-qing ZOU 1, Guo-zhong SUN 2
1 School of Computer Science, Huazhong University of Science and Technology, Wuhan 430074, China
2 Dawning Information Industry Co., Ltd., Beijing 100080, China
Wei-ming LI,De-qing ZOU,Guo-zhong SUN. Successive memory image analysis method for malicious codes[J]. Chinese Journal of Network and Information Security, 2017, 3(2): 20-30.