Research on User Data Leakage Prevention through Memory Initialization |
Yang, Dae-Yeop
(Graduate School of Information Security, Korea University)
Chung, Man-Hyun (Graduate School of Information Security, Korea University) Cho, Jae-Ik (Graduate School of Information Security, Korea University) Shon, Tae-Shik (Division of Information and Computer Engineering, Ajou University) Moon, Jong-Sub (Graduate School of Information Security, Korea University) |
1 | Hargreaves, C., Chivers, H., , "Recovery of Encryption Keys from Memory Using a Linear Scan," Availability, Reliability and Security, Third International Conference, pp.1369-1376, Barcelona, Spain, March 2008. |
2 | Themida, http://www.oreans.com/themida.php |
3 | Windows ISV Software Security Defenses, http://msdn.microsoft.com/en-us/library/bb430720.aspx |
4 | 한지성, 이상진, "라이브 포렌식을 위한 윈도우즈 물리 메모리 분석 도구", 정보보호학회논문지, 제21권, 제2호, 71-82쪽, 2011년 4월 |
5 | 이석희, 김현상, 이상진, 임종인, "윈도우 시스템에서 디지털 포렌식 관점의 메모리 정보 수집 및 분석 방법에 관한 고찰", 정보보호학회논문지, 제16권, 제1호, 2006년 2월 |
6 | Harlan Carvey, windows forensic analysis 2/e, Syngress, pp.107, 2009. |
7 | B. Carrier, J. Grand, "A Hardware-based Memory Acquisition Procedure for Digital Investigations", Digital Investigation, Vol. 1, Issue 1, pp. 50-60, February 2004. DOI ScienceOn |
8 | WinDD, http://www.moonsols.com/windows-memory-toolkit. |
9 | MDD(Mantech's Memory DD), http://www.mantech.com/ |
10 | Crash dump, http://support.microsoft.com/kb/927069 |
11 | Forcing a System Crash from the Keyboard, http://msdn.microsoft.com/en-us/library/windows/hardware/ff545499(v=vs.85).aspx |
12 | VMWare, VMWare, Inc., http://www.vmware.com/ |
13 | Brett Shavers, Virtual Forensics, A discussion of Virtual Machines Related to Forensics Analysis, http://www.forensicfocus.com/downloads/virtual-machines-forensics-analysis.pdf |
14 | Matthieu Suiche, Windows hibernation file for fun 'n' profit, http://www.blackhat.com/presentations/bh-usa-08/Suiche/BH_US_08_Suiche_Windows_hibernation.pdf |
15 | R.B. van Baar, W. Alink, A.R. van Ballegooij, Forensic memory analysis: Files mapped in memory, Digital Investigation, Volume 5, pp. S52-S57, Supplement, September 2008. DOI |
16 | Brendan Dolan-Gavitt. "The VAD Tree: A Process-eye View of Physical Memory", Digital Investigation 4, pp.62-64, September 2007. DOI |
17 | Wireshark, http://www.wireshark.org/ |