Code signature verification method based on computer memory evidence obtaining technology

A memory forensics and signature verification technology, applied in the fields of digital data authentication and digital data protection, which addresses the problems of lack of protection on the client side and poor management of secret keys by publishers, and achieves more accurate, more widely applicable and more compatible results.

Pending Publication Date: 2021-12-07
HARBIN UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

However, the use of code signing also has weaknesses, such as lack of protection on the client side, poor management of secret keys by publishers, and certificate authorities issuing certificates to shell companies.
Although cases of code signatures being used to run malware on computers are few, there are documented incidents such as Stuxnet and MegaCortex.


Embodiment Construction

[0041] In order to clearly and completely describe the technical solutions in the embodiments of the present invention, the present invention will be further described in detail below in conjunction with the drawings in the embodiments.

[0042] Step 1: the process of obtaining the memory dump file is as follows.

[0043] Take a Windows 7 64-bit host as an example.

[0044] The flowchart for obtaining the memory dump file in the embodiment of the present invention is shown in Figure 1 and includes the following steps.

[0045] Step 1-1: determine that the target operating system is not a virtual machine;

[0046] Step 1-2: determine that the target operating system is running;

[0047] Step 1-3: determine that you have operating authority over the target operating system, then use software to obtain the memory dump file of the target operating system.

[0048] Step 2: Load the memory dump file into the Volatility forensic framework and find the matching operating system version and co...
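As an added illustration of the certificate check that follows PE identification (example code written for this page, not the patent's own method or Volatility code): the function below locates the Attribute Certificate Table of a PE image through the security data directory and parses its WIN_CERTIFICATE header, which is the step before any PKCS#7/Authenticode validation. The input is a constructed minimal PE32+ header with a placeholder certificate blob, so it runs offline; full signature validation is out of scope here.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # data directory index of the Attribute Certificate Table
WIN_CERT_REVISION_2_0 = 0x0200
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002   # bCertificate holds a PKCS#7 SignedData blob
SAMPLE_PKCS7 = b"CONSTRUCTED PKCS#7 PLACEHOLDER"  # constructed stand-in for a real signature blob

def find_authenticode(data):
    """Return the WIN_CERTIFICATE header fields of a PE image, or None if it carries no certificate."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                        # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + (112 if magic == 0x20B else 96)   # data directories start at 112 (PE32+) or 96 (PE32)
    off, size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    if off == 0 or size == 0:
        return None
    # This entry is a raw file offset, not an RVA: the table sits after the last section and is
    # not mapped by the loader, so a PE carved from memory may lack it although the file is signed.
    if off + 8 > len(data):
        raise ValueError("certificate table lies outside the captured image")
    length, revision, cert_type = struct.unpack_from("<IHH", data, off)
    well_formed = (revision == WIN_CERT_REVISION_2_0
                   and cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA
                   and 8 < length <= size and off + length <= len(data))
    return {"offset": off, "length": length, "revision": revision, "type": cert_type,
            "well_formed": well_formed, "pkcs7": data[off + 8:off + length] if well_formed else b""}

def build_sample_pe(signed):
    """Construct a minimal PE32+ header (constructed test input, not a loadable executable)."""
    opt = bytearray(240)                           # PE32+ optional header incl. 16 data directories
    struct.pack_into("<H", opt, 0, 0x20B)          # Magic = PE32+
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, len(opt), 0x22)   # AMD64, no sections
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)              # e_lfanew -> 0x40
    cert_off = len(dos) + 4 + len(coff) + len(opt)                        # table appended at the end
    cert = b""
    if signed:
        cert = struct.pack("<IHH", 8 + len(SAMPLE_PKCS7), WIN_CERT_REVISION_2_0,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + SAMPLE_PKCS7
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + cert

if __name__ == "__main__":
    for flag in (True, False):
        print("signed" if flag else "unsigned", "->", find_authenticode(build_sample_pe(flag)))
```

The `pkcs7` bytes returned for a real binary are the DER-encoded SignedData that a verifier would then check against the image hash and the certificate chain.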


Abstract

The invention relates to a code signature verification method based on a computer memory evidence obtaining technology. The method comprises the steps of: first establishing a dump file of the computer's physical memory; then obtaining the operating system version and configuration file information using the Volatility evidence obtaining framework; identifying portable executable (PE) files in memory with the support of the operating system version and configuration file information; and, if an identified PE file contains a digital certificate, verifying the certificate. With this memory code signature verification method, code signatures in memory can be effectively verified, assisting forensic analysts in verifying the reliability of PE files in memory.

Description

Technical field

[0001] The invention relates to a code signature verification method based on computer memory forensics technology. The method is well suited to the field of computer memory forensics and is mainly used for reconstructing security events and detecting untrustworthy files in memory.

Background technique

[0002] Computer forensics technology is a basic step in network security emergency response. Abnormal or unauthorized operations performed by malware in a computer system can be detected by analyzing the system's disk drive or memory. As a branch of computer forensics, memory forensics refers to finding, extracting, and analyzing volatile evidence from computer physical memory and page swap files. The method is to obtain memory dump files through hardware-interface acquisition, software acquisition, or virtual machine snapshots, save them to disk, and analyze them using specialized software such as the Volatility Framework to reconstruct relevant sec...


Application Information

IPC(8): G06F21/64, G06F21/33
CPC: G06F21/64, G06F21/33
Inventor: 翟继强, 孙宏泰, 赵洛平
Owner HARBIN UNIV OF SCI & TECH