Forensic memory analysis: From stack and code to execution history

@inproceedings{ArastehForensicMA,
  title={Forensic memory analysis: From stack and code to execution history},
  author={Ali Reza Arasteh and Mourad Debbabi}
}
Forensics memory analysis has recently gained great attention in the cyber forensics community. However, most of the proposals have focused on the extraction of important kernel data structures such as executive objects from the memory. In this paper, we propose a formal approach to analyze the stack memory of process threads to discover a partial execution history of the process. Our approach uses a process logic to model the extracted properties from the stack and then verify these properties…
This paper has 27 citations.