Title of invention: System and method for forensic identification of elements within a computer system
Abstract: A system and method that employs memory forensic techniques to determine the operating system type, memory management configuration, and virtual machine status of a running computer system. The system packages advanced memory-forensic techniques so that they are usable and accessible by information technology professionals who are not necessarily versed in the specifics of memory forensic methodology and theory.
Publication number: US8881271(B2) Publication date: 2014.11.04
Application number: US200812184898 Filing date: 2008.08.01
Applicant: Mandiant, LLC Inventor: Butler, II James Robert
Classification (IPC): G06F12/14;H04L29/06;H04L9/32;G06F9/44;G06F21/57 Main classification: G06F12/14
Agent (firm): Polsinelli PC Agent: Rehm Adam C.;Polsinelli PC
Main claim: 1. A method of forensically analyzing data comprising: accessing a plurality of values representing data contained within a memory of a computer system; searching the plurality of values for a first identifying characteristic that indicates an operating system; upon finding the first identifying characteristic, searching for a second identifying characteristic that indicates an operating system; measuring a distance within the memory of the computer system between (i) the first identifying characteristic and (ii) the second identifying characteristic; and determining, from the distance between (i) the first identifying characteristic and (ii) the second identifying characteristic, a type and a version of an operating system loaded into the computer system's memory.
Address: Milpitas CA US
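The independent claim describes a concrete scanning procedure: find a first byte pattern that indicates an operating system, then search for a second pattern, measure the offset between them, and map that distance to an OS type and version. The following Python scanner is an added example of that procedure and is not code from the patent or from Mandiant. The signatures (`OSBANNER`, `KERNBASE`), the distance-to-version table, and the memory image it scans are all constructed for illustration; real signatures and distances would have to be measured from reference images of known builds.

```python
"""
Added example: OS fingerprinting of a raw memory image by the distance between
two identifying byte patterns, in the style of claim 1 above.
Not Mandiant's code. Signatures, table and image are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Iterator, Optional

# Hypothetical "identifying characteristics" (constructed, not real OS signatures).
FIRST_SIG = b"OSBANNER"   # assumed first characteristic that indicates an OS
SECOND_SIG = b"KERNBASE"  # assumed second characteristic

# Hypothetical table: byte distance between the two hits -> (OS type, version).
# In practice this is built by measuring reference images of known builds.
DISTANCE_TABLE = {
    0x40: ("ExampleOS", "1.0"),
    0x60: ("ExampleOS", "2.0"),
    0x90: ("OtherOS", "5.1"),
}


@dataclass
class Fingerprint:
    first_offset: int
    second_offset: int
    distance: int
    os_type: str
    os_version: str


def find_all(mem: bytes, pattern: bytes, start: int = 0) -> Iterator[int]:
    """Yield every offset at which pattern occurs in mem, at or after start."""
    idx = mem.find(pattern, start)
    while idx != -1:
        yield idx
        idx = mem.find(pattern, idx + 1)


def fingerprint_os(mem: bytes,
                   first_sig: bytes = FIRST_SIG,
                   second_sig: bytes = SECOND_SIG,
                   table=DISTANCE_TABLE) -> Optional[Fingerprint]:
    """
    Claim-1 style search: locate the first characteristic, then (only after it)
    search for the second, measure the distance, and look it up in the table.
    Every occurrence of the first signature is tried, because a banner-like
    string can also sit in unrelated data (file cache, stale pages, decoys);
    a hit whose distance matches no known build is simply skipped.
    """
    for first in find_all(mem, first_sig):
        for second in find_all(mem, second_sig, first + len(first_sig)):
            distance = second - first
            if distance in table:
                os_type, os_version = table[distance]
                return Fingerprint(first, second, distance, os_type, os_version)
    return None


def build_sample_image(distance: int, first_at: int = 0x100,
                       total: int = 0x1000, decoy_at: Optional[int] = None) -> bytes:
    """
    Construct a fake memory image (all zeros) with the two signatures placed
    `distance` bytes apart, optionally with a decoy copy of the first signature
    at `decoy_at` to exercise the skip-unmatched-hit path.
    """
    img = bytearray(total)
    if decoy_at is not None:
        img[decoy_at:decoy_at + len(FIRST_SIG)] = FIRST_SIG
    img[first_at:first_at + len(FIRST_SIG)] = FIRST_SIG
    second_at = first_at + distance
    img[second_at:second_at + len(SECOND_SIG)] = SECOND_SIG
    return bytes(img)


if __name__ == "__main__":
    print(fingerprint_os(build_sample_image(0x60)))
    print(fingerprint_os(build_sample_image(0x40, decoy_at=0x10)))
    print(fingerprint_os(build_sample_image(0x70)))  # unknown distance -> None
```

The decoy case matters in practice: on a live or compromised system the first pattern may appear more than once, so the scanner must continue past a hit whose distance matches nothing rather than report a wrong version from the first occurrence it sees.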