Whitelisting system state in windows forensic memory visualizations

Lapso Joshua A.; Peterson Gilbert L.; Okolica James S.

首页> 外文期刊>Digital investigation >Whitelisting system state in windows forensic memory visualizations

【24h】

Whitelisting system state in windows forensic memory visualizations

机译：在Windows法医内存可视化中将系统状态列入白名单

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Examiners in the field of digital forensics regularly encounter enormous amounts of data and must identify the few artifacts of evidentiary value. One challenge these examiners face is manual reconstruction of complex datasets with both hierarchical and associative relationships. The complexity of this data requires significant knowledge, training, and experience to correctly and efficiently examine. Current methods provide text-based representations or low-level visualizations, but levee the task of maintaining global context of system state on the examiner. This research presents a visualization tool that improves analysis methods through simultaneous representation of the hierarchical and associative relationships and local detailed data within a single page application. A novel whitelisting feature further improves analysis by eliminating items of less interest from view. Results from a pilot study demonstrate that the visualization tool can assist examiners to more accurately and quickly identify artifacts of interest. Published by Elsevier Ltd.

机译：数字取证领域的审查员经常会遇到大量数据，并且必须确定证据价值极少的人工制品。这些审查员面临的挑战之一是手动重建具有层次关系和关联关系的复杂数据集。此数据的复杂性需要大量知识，培训和经验，才能正确有效地进行检查。当前的方法提供了基于文本的表示形式或低级的可视化效果，但是使维护检查者上系统状态的全局上下文的任务告吹。这项研究提出了一种可视化工具，可通过在单个页面应用程序中同时表示层次结构和关联关系以及局部详细数据来改进分析方法。新颖的白名单功能通过消除视图中不那么感兴趣的项进一步改善了分析。一项初步研究的结果表明，可视化工具可以帮助检查员更准确，更快速地识别感兴趣的工件。由Elsevier Ltd.发布

著录项

来源
《Digital investigation》 |2017年第3期|2-15|共14页
作者
Lapso Joshua A.; Peterson Gilbert L.; Okolica James S.;
展开▼
作者单位

Air Force Inst Technol, Dept Elect & Comp Engn, Wright Patterson AFB, OH 45433 USA;

Air Force Inst Technol, Dept Elect & Comp Engn, Wright Patterson AFB, OH 45433 USA;

Air Force Inst Technol, Dept Elect & Comp Engn, Wright Patterson AFB, OH 45433 USA;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
Memory forensics; Incident response; Information visualization; Forensic visualization tools; Single page web application; D3.js;

机译：内存取证;事件响应;信息可视化;取证可视化工具;单页Web应用程序;D3.js;

相似文献

外文文献
中文文献
专利

1. Memory forensics and the Windows Subsystem for Linux [J] . Lewis Nathan, Case Andrew, Ali-Gombe Aisha, Digital investigation . 2018,第JULa期

机译：内存取证和Linux的Windows子系统
2. Memory FORESHADOW: Memory FOREnSics of HArDware CryptOcurrency wallets - A Tool and Visualization Framework [J] . Thomas Tyler, Piscitelli Mathew, Shavrov Ilya, Digital investigation . 2020,第Jula期

机译：内存预示：硬件加密货币硬件的内存取证 - 一种工具和可视化框架
3. Malware forensics field guide for Windows systems:digital forensics field guides. [J] . Jeremy A. Hansen Computing reviews . 2013,第8期

机译：Windows系统的恶意软件取证领域指南：数字取证领域指南。
4. Effective whitelisting for filesystem forensics [C] . Chawathe S.S. Intelligence and Security Informatics, 2009. ISI '09 . 2009

机译：有效的白名单文件系统取证
5. Analysis of Windows memory for forensic investigations. [D] . Hejazi, Seyed Mahmood. 2009

机译：分析Windows内存以进行法医调查。
6. Non-Volatile Memory Forensic Analysis in Windows 10 IoT Core [O] . Juan Manuel Castelo Gómez, José Roldán Gómez, Javier Carrillo Mondéjar, 2019

机译：Windows 10 IOT核心中的非易失性内存法医分析
7. Whitelisting system state in windows forensic memory visualizations [O] . Joshua A. Lapso, Gilbert L. Peterson, James S. Okolica 2017

机译：Windows法医内存可视化中的白名单系统状态
8. Whitelisting System State In Windows Forensic Memory Visualizations. [R] . Lapso, J. A. 2016

机译：Windows取证内存可视化中的白名单系统状态。

Whitelisting system state in windows forensic memory visualizations

摘要

著录项

相似文献

相关主题

期刊订阅