A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL.
The file type is application/pdf
.
Linux memory forensics: Dissecting the user space process heap
2017
Digital Investigation. The International Journal of Digital Forensics and Incident Response
The analysis of memory during a forensic investigation is often an important step to reconstruct events. While prior work in this field has mostly concentrated on information residing in the kernel space (process lists, network connections, and so on) and in particular on the Microsoft Windows operating system, this work focuses on Linux user space processes as they might also contain valuable information for an investigation. Because a lot of process data is located in the heap, this work in
doi:10.1016/j.diin.2017.06.002
fatcat:ugj5xd7zbzftxpbpp74tog3fxi