Obtaining Sensitive Information in RAM by Using the Structure of KPCR

doi:10.3969/j.issn.1671-1122.2015.03.009

Abstract

Abstract:

Obtaining sensitive information in traditional RAM analysis uses the structures of realizing software in operating system, which has some certain shortcomings in depth and breadth. This paper finds a new way for tracing and extending key content by control structures of bottom hardware administration, illustrates the method of locating position, discusses the characteristics of digital investigation in inner format, provides new thought and method for investigating RAM space. In the part of case analysis, this paper explains specific application of mentioned method based on extensive used Windows 7 currently.

Key words: RAM, digital investigation, KPCR, KPRCB, Windows 7

CLC Number:

TP309

LUO Wen-hua, SHEN Cheng-xuan. Obtaining Sensitive Information in RAM by Using the Structure of KPCR[J]. Netinfo Security, 2015, 15(3): 44-47.

Figures/Tables 12

References 10

[1]	郭牧,王连海.基于KPCR结构的Windows物理内存分析方法[J]. 计算机工程与应用, 2009,(18):74-77.
[2]	Okolica J, Peterson GL.Windows operating systems agnostic memory analysis[J]. Digital Investigation, 2010,(7):48-56.
[3]	张银奎. 软件调试[M].北京:电子工业出版社,2008:55-162.
[4]	罗文华. Windows环境下进程空间信息深度挖掘方法研究[J].信息网络安全,2014,(4):31-34.
[5]	陶玉龙,卢凯,王小平,等.面向云服务的高性能计算柔性服务平台[J]. 信息网络安全,2012,(6):57-60.
[6]	吴志军,王娟. 基于IPSec的大型机场无线局域网接入认证方法研究[J]. 信息网络安全,2012,(6):14-17.
[7]	胡春辉. 云计算安全风险与保护技术框架分析[J]. 信息网络安全,2012,(7):87-89.
[8]	江伟玉,高能,刘泽艺,等. 一种云计算中的多重身份认证与授权方案[J]. 信息网络安全,2012,(8):7-10.
[9]	余幸杰,高能,江伟玉. 云计算中的身份认证技术研究[J]. 信息网络安全,2012,(8):71-74.
[10]	王伟,高能,江丽娜. 云计算安全需求分析研究[J]. 信息网络安全,2012,(8):75-78.

[1]	LI Qiang, SHEN Yuanhai, LIU Tianxu, HUANG Yanyu, SUN Jianguo. Efficient Searchable Symmetric Encryption Scheme for Size Pattern Protection [J]. Netinfo Security, 2024, 24(6): 843-854.
[2]	ZHU Min, XIAO Hao. An Area Efficient Dual-State Configurable NTT Hardware Accelerator [J]. Netinfo Security, 2024, 24(6): 959-967.
[3]	XUE Mingzhu, HU Liang, WANG Ming, WANG Feng. TAP Rule Processing System Based on Federated Learning and Blockchain Technology [J]. Netinfo Security, 2024, 24(3): 473-485.
[4]	LI Zhihui, LUO Shuangshuang, WEI Xingjia. Quantum Secret Sharing Schemes Based on a Class of Restricted Access Structures [J]. Netinfo Security, 2023, 23(8): 32-40.
[5]	DU Weidong, LI Min, HAN Yiliang, WANG Xu’an. An Efficient Versatile Homomorphic Encryption Framework Based on Ciphertext Conversion Technique [J]. Netinfo Security, 2023, 23(4): 51-60.
[6]	XIAO Hao, ZHAO Yanrui, HU Yue, LIU Xiaofan. Hardware Design and Implementation of Number Theoretic Transform in Post-Quantum Cryptography [J]. Netinfo Security, 2023, 23(4): 72-79.
[7]	WANG Ming, XING Yongheng, WANG Feng. Unsupervised Matrix Factorization Based Trigger Action Programming Rules Recommendation [J]. Netinfo Security, 2023, 23(2): 96-103.
[8]	WU Linjun, LIU Yang, YUAN Tao, HU Yupeng. STT-MRAM Random Number Generator with Anti-Temperature Interference and Security Analysis [J]. Netinfo Security, 2022, 22(8): 36-43.
[9]	LIU Lingxiang, PAN Zulie, LI Yang, LI Zongchao. Firmware Vulnerability Static Localization Method Based on Front-End and Back-End Correlation Analysis [J]. Netinfo Security, 2022, 22(8): 44-54.
[10]	LIU Jiayin, LI Fujuan, MA Zhuo, XIA Lingling. Malware Classification Method Based on Multi-Scale Convolutional Neural Network [J]. Netinfo Security, 2022, 22(10): 31-38.
[11]	ZHU Lina, MA Mingrui, ZHU Dongzhao. Detection Method for C Language Family Based on Graph Neural Network and Generic Vulnerability Analysis Framework [J]. Netinfo Security, 2022, 22(10): 59-68.
[12]	LU Honglin, WANG Liming, YANG Jing. A New Parameter Masking Federated Learning Privacy Preserving Scheme [J]. Netinfo Security, 2021, 21(8): 26-34.
[13]	XU Guotian*, SHEN Yaotong. Multiple Classification Detection Method for Malware Based on XGBoost and Stacking Fusion Model [J]. Netinfo Security, 2021, 21(6): 52-62.
[14]	LIU Yi, LI Jianhua, ZHANG Yitao, MENG Tao. Network Abnormal Flow Detection Method Based on Feature Attribute Information Entropy [J]. Netinfo Security, 2021, 21(2): 78-86.
[15]	WANG Wei, HUANG Shuhua. The Digital File Confidential Cabinet Based on Symmetric Encryption [J]. Netinfo Security, 2021, 21(12): 19-24.