http://dx.doi.org/10.3745/KTCCS.2013.2.11.461

High Speed Kernel Data Collection method for Analysis of Memory Workload  

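Yoon, Jun Young (Kyungpook National University, School of Electronics Engineering)
Jung, Seung Wan (Kyungpook National University, School of Electronic, Electrical and Computer Engineering)
Park, Jong Woo (Kyungpook National University, School of Electronics Engineering)
Kim, Jung-Joon (Kyungpook National University, School of Electronics Engineering)
Seo, Dae-Wha (Kyungpook National University, School of Electronics Engineering)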
Publication Information
KIPS Transactions on Computer and Communication Systems / v.2, no.11, 2013, pp. 461-470
Abstract
This paper proposes a high-speed kernel data collection method for analyzing memory workload, based on direct access to a process's memory management structure. Conventional analysis tools collect data slowly and lack scalability because they collect only formalized memory information. The proposed method collects kernel data much faster than conventional methods by directly collecting the process's memory information, page tables, and page structures from the memory management structure, and it can collect whatever data the user wants. We collect memory management data of a running process and analyze its memory workload.
Keywords
Memory Workload; Process Memory; Linux Memory Forensic;