Building stack traces from memory dump of Windows x64

Yuto Otsuki
Jun Miyoshi
Kazuhiko Ohkubo

Digital Investigation, pp. S101-S110, 2018.

DOI: https://doi.org/10.1016/j.diin.2018.01.013

Abstract:

Stack traces play an important role in memory forensics as well as program debugging. This is because stack traces provide a history of executed code in a malware-infected host, and this history could become a clue for forensic analysts to uncover the cause of an incident, i.e., what the malware has actually done on the host. Nevertheless, ex...
