Computer Engineering and Applications ›› 2009, Vol. 45 ›› Issue (18): 74-77.DOI: 10.3778/j.issn.1002-8331.2009.18.024
• 研发、设计、测试 • Previous Articles Next Articles
GUO Mu,WANG Lian-hai
Received:
Revised:
Online:
Published:
Contact:
郭 牧,王连海
通讯作者:
Abstract: This paper describes the function of computer live forensics,and sums up the researches on computer physical memory forensics analysis.Then a new method of Windows memory forensics analysis is proposed,which is much reliable than other methods.This method is very useful in computer live forensics.
摘要: 介绍了计算机在线取证方式的优势,总结了目前国外在计算机物理内存分析的研究现状及其存在的不足,在此基础上提出了一种新的Windows物理内存分析方法——基于KPCR结构的物理内存分析方法。与传统的物理内存方法相比,这种方法更为可靠,适用范围更广,具有很高的实用价值。
GUO Mu,WANG Lian-hai. Windows physical memory analysis method based on KPCR structure[J]. Computer Engineering and Applications, 2009, 45(18): 74-77.
郭 牧,王连海. 基于KPCR结构的Windows物理内存分析方法[J]. 计算机工程与应用, 2009, 45(18): 74-77.
0 / Recommend
Add to citation manager EndNote|Ris|BibTeX
URL: http://cea.ceaj.org/EN/10.3778/j.issn.1002-8331.2009.18.024
http://cea.ceaj.org/EN/Y2009/V45/I18/74
