en
Четете в приложенията ни:
iOS
·Android
The Art of Memory Forensics
- За книгата
- Цитати19
- Читатели8
- Andrii Pastushenkoцитирапреди 5 месеца
$ python vol.py pslist > pslist.txt
$ python vol.py pslist --output-file=pslist.txt - Andrii Pastushenkoцитирапреди 5 месецаFor example, if various plugins create _EPROCESS objects and they all commonly need to determine whether the process is suspicious, based on several factors, you can use an object class to add such logic. A simple example is shown in the following code:
- Andrii Pastushenkoцитирапреди 5 месецаthird-party modules that Volatility can leverage and the specific plugins that utilize them
- Andrii Pastushenkoцитирапреди 6 месецаknowledge of an operating system’s specific implementation of an abstract data structure is paramount to learning why certain attacks (that manipulate the structure(s)) are successful and how memory analysis tools can help you detect such attacks
- Andrii Pastushenkoцитирапреди 6 месецаHash table with chained-overflow example
- Andrii Pastushenkoцитирапреди 6 месецаStructure Type Definition _LIST_ENTRY64 on 64-Bit Versions of Windows
- Andrii Pastushenkoцитирапреди 6 месецаAn example linked-list implementation used frequently in the Linux kernel is the circular linked list
- Andrii Pastushenkoцитирапреди 6 месецаSingly-linked list example
- Andrii Pastushenkoцитирапреди 6 месецаStructure Type Definition for _UNICODE_STRING on 64-Bit Versions of Windows
- Andrii Pastushenkoцитирапреди 6 месецаwhen analyzing the physical address space of a system that leverages paged virtual memory, you could encounter a string that crosses a page boundary to a page that is no longer memory resident, which would require special processing or heuristics to determine the actual size of the string
fb2epub
Плъзнете и пуснете файловете си
(не повече от 5 наведнъж)