Abstract
A method for processing and analyzing live and off-line physical memory in order to determine the presence of malware on a system and to initiate its removal. The internal structures of the host operating system, the drivers, and the user-space executables can be used to self-verify the integrity of the processes, their related structures, and the binary execution paths residing on the system. Additionally, these same characteristics are compared against baseline malicious and benign datasets, as well as datasets collected from live systems, to automatically identify malware and remove it from a targeted computer system.