Forensic memory analysis has recently gained great attention in the cyber forensics community. However, most of the proposals have focused on the extraction of important kernel data structures, such as executive objects, from memory. In this paper, we propose a formal approach to analyzing the stack memory of process threads to discover a partial execution history of the process. Our approach uses a process logic to model the properties extracted from the stack and then verifies these properties against models generated from the program's assembly code. The main focus of the paper is on Windows thread stack analysis, though the same idea is applicable to other operating systems.