Title of invention |
System and method for forensic identification of elements within a computer system |
Abstract |
A system and method for employing memory forensic techniques to determine operating system type, memory management configuration, and virtual machine status on a running computer system. The system packages advanced memory forensic techniques so that they are usable and accessible by Information Technology professionals who are not necessarily versed in the specifics of memory forensic methodology and theory. |
Publication number |
US8881271(B2) |
Publication date |
2014.11.04 |
Application number |
US200812184898 |
Filing date |
2008.08.01 |
Applicant |
Mandiant, LLC |
Inventor |
Butler, II James Robert |
Classification (IPC) |
G06F12/14;H04L29/06;H04L9/32;G06F9/44;G06F21/57 |
Main classification |
G06F12/14 |
Agency |
Polsinelli PC |
Attorney/agent |
Rehm Adam C.;Polsinelli PC |
Principal claim |
1. A method of forensically analyzing data comprising:
accessing a plurality of values representing data contained within a memory of a computer system;
searching the plurality of values for a first identifying characteristic that indicates an operating system;
upon finding the first identifying characteristic, searching for a second identifying characteristic that indicates an operating system;
measuring a distance within the memory of the computer system between (i) the first identifying characteristic and (ii) the second identifying characteristic; and
determining, from the distance between (i) the first identifying characteristic and (ii) the second identifying characteristic, a type and a version of an operating system loaded into the computer system's memory. |
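The claim above describes a two-marker distance fingerprint: find a first tag that indicates an operating system, find the second tag that follows it, measure the byte distance between them, and look that distance up to get OS type and version. The script below is an added illustration of that procedure over a raw memory image; it is not code from the patent or from Mandiant. The tag strings (`OSTAG1`, `BLDINF`, `KRNHDR`, `VERSTR`), the distances, and the OS names in the fingerprint table are hypothetical, and the memory images are constructed inline so the example runs offline.

```python
"""Added example: fingerprint an OS by the byte distance between two
in-memory markers. Marker strings, distances and OS names are hypothetical."""
import sys
from dataclasses import dataclass
from typing import List, Tuple

@dataclass(frozen=True)
class Fingerprint:
    os_type: str
    version: str
    first: bytes      # first identifying characteristic (a tag that indicates an OS)
    second: bytes     # second identifying characteristic searched for after the first
    distance: int     # expected byte distance from start of first to start of second

# Hypothetical table. The same two tags appear in every version of "HypoOS";
# only the distance between them changes, because the structure that carries
# them was re-laid-out between builds. That distance is the version signal.
FINGERPRINTS: Tuple[Fingerprint, ...] = (
    Fingerprint("HypoOS", "1.0", b"OSTAG1", b"BLDINF", 0x40),
    Fingerprint("HypoOS", "2.0", b"OSTAG1", b"BLDINF", 0x58),
    Fingerprint("OtherOS", "7", b"KRNHDR", b"VERSTR", 0x30),
)

# How far past the first tag we are willing to look for the second one.
# Bounding the search keeps a stray first tag from pairing with an unrelated
# second tag megabytes away.
MAX_SEARCH_WINDOW = 0x1000

def identify_os(image: bytes) -> List[Tuple[str, str, int]]:
    """Return every (os_type, version, offset_of_first_tag) match in the image.

    A list is returned rather than a single answer: a memory capture can hold
    stale copies of kernel structures (freed pages, hibernation remnants), so
    the caller should expect and reconcile multiple hits.
    """
    by_distance = {(fp.first, fp.second, fp.distance): fp for fp in FINGERPRINTS}
    tag_pairs = list(dict.fromkeys((fp.first, fp.second) for fp in FINGERPRINTS))
    hits: List[Tuple[str, str, int]] = []
    for first, second in tag_pairs:
        start = 0
        while (pos := image.find(first, start)) >= 0:
            # Step 2 of the claim: having found the first tag, search forward
            # for the second one, but only within the bounded window.
            nxt = image.find(second, pos + len(first), pos + MAX_SEARCH_WINDOW)
            if nxt >= 0:
                distance = nxt - pos          # step 3: measure the distance
                fp = by_distance.get((first, second, distance))
                if fp is not None:            # step 4: distance -> type + version
                    hits.append((fp.os_type, fp.version, pos))
            start = pos + 1
    return hits

def build_sample_image(fp: Fingerprint, pre: int = 0x200, post: int = 0x100) -> bytes:
    """Constructed raw memory image: zero filler, first tag, opaque padding,
    second tag at exactly fp.distance, more filler."""
    gap = fp.distance - len(fp.first)
    return b"\x00" * pre + fp.first + b"\xcc" * gap + fp.second + b"\x00" * post

if __name__ == "__main__":
    if len(sys.argv) == 2:
        data = open(sys.argv[1], "rb").read()   # a raw memory dump on disk
    else:
        data = build_sample_image(FINGERPRINTS[1])  # constructed sample
    for os_type, version, off in identify_os(data) or []:
        print(f"{os_type} {version} (first tag at 0x{off:x})")
```

Two checks a practitioner would add before trusting a real fingerprint table: confirm that each distance is unique per (first, second) pair, otherwise two versions collide, and treat a first tag whose second tag sits at an unknown distance as "unidentified" rather than picking the nearest known version, since an unknown distance usually means a build the table has not seen.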
Address |
Milpitas CA US |