| 从64位Windows 7系统物理内存镜像中提取网络连接信息的方法 |
| |
| 引用本文: | 王连海,徐丽娟,张淑慧.从64位Windows 7系统物理内存镜像中提取网络连接信息的方法[J].中国通信学报,2010,7(6):44-51. |
| |
| 作者姓名: | 王连海 徐丽娟 张淑慧 |
| |
| 摘 要: |
|
| 收稿时间: | 2011-06-21; |
A Method on Extracting Network Connection Information from 64-bit Windows 7 Memory Images |
| |
| Wang Lianhai,Xu Lijuan,Zhang Shuhui.A Method on Extracting Network Connection Information from 64-bit Windows 7 Memory Images[J].China communications magazine,2010,7(6):44-51. |
| |
| Authors: | Wang Lianhai Xu Lijuan Zhang Shuhui |
| |
| Affiliation: | Shandong Provincial Key Laboratory of Computer Network, Jinan 250014, P. R. China Shandong Computer Science Center, Jinan 250014, P. R. China |
| |
| Abstract: | Memory analysis gains a weight in the area of computer live forensics.How to get network connection information is one of the challenges in memory analysis and plays an important role in identifying sources of malicious cyber attack. It is more difficult to find the drivers and get network connections information from a 64-bit windows 7 memory image file than from a 32-bit operating system memory image file. In this paper, an approach to find drivers and get network connection information from 64-bit windows 7 memory images is given. The method is verified on 64-bit windows 7 version 6.1.7600 and proved reliable and efficient. |
| |
| Keywords: | computer forensics computer live forensics memory analysis digital forensics |
|
| 点击此处可从《中国通信学报》浏览原始摘要信息 |
|
点击此处可从《中国通信学报》下载全文 |
