
Memory forensic analysis method and device based on DumpIt and Volatility, and storage medium

A memory forensics analysis technology applied in the field of computer memory forensics, intended to remove the cumbersome environment and equipment requirements of existing methods.

Pending Publication Date: 2022-07-29
北京中睿天下信息技术有限公司

AI Technical Summary

Problems solved by technology

To deal with a variety of complex scenarios, memory forensics uses different methods. However, existing memory forensics methods often require specific environments and equipment conditions before forensics can be completed, which makes them relatively cumbersome.



Embodiment Construction

[0029] In order to make the purpose, technical solutions and advantages of the present application more clearly understood, the present application will be described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present application, but not to limit the present application.

[0030] In the description of the present invention, the terms "comprising", "having" and any variations thereof are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device comprising a series of steps or units is not necessarily limited to those steps or units that have been explicitly listed, but may also include other steps or units that are not explicitly listed but are inherent to these processes, methods, products or devices, or that are added as further optimizations based on the present inventive concept. steps o...


Abstract

The invention discloses a memory forensic analysis method and device based on DumpIt and Volatility, and a storage medium. The method comprises the following steps: first, establishing a connection with the target device and obtaining a memory image of the target device through DumpIt; then analysing the content of the obtained memory image with the Volatility forensics framework to obtain a threat feature set; and finally, building a memory forensic analysis model from the obtained threat feature set and using that model to perform memory forensic analysis on the acquired information. The method performs simple memory analysis for rapid-response incidents: DumpIt can simply and conveniently acquire a computer memory image on the Windows platform and can be deployed on a USB flash drive for rapid response; Volatility can perform detailed feature analysis of the memory image through Python, and its source code can also be modified or functionally extended so as to integrate rich library files.

Description

Technical field

[0001] The invention relates to the field of computer memory forensics, in particular to a memory forensics analysis method, device and storage medium based on DumpIt and Volatility.

Background technique

[0002] Memory forensics usually refers to the acquisition and analysis of the temporary data held in the physical memory of computers and related smart devices while they are running, in order to extract valuable data. Memory is the area in which the operating system and various software exchange data, and that data is easily lost; it usually disappears soon after shutdown.

[0003] Memory forensics can be roughly divided into two approaches. In the first, an intrusion is discovered while the host is still live; the machine's running memory is dumped directly and analysed to recover process information and extract valuable data. In the second, the machine is imaged first, and the image is then analysed to ana...


Application Information

IPC(8): G06F21/56
CPC: G06F21/566, G06F2221/033
Inventor 刘庆林李宁刘正伟魏海宇谢辉安恩庆刘刚李小琼康柏荣王鲲
Owner 北京中睿天下信息技术有限公司