Object Scanning of Windows Kernel Driver Based on Pool Tag Quick Scanning

Object Scanning of Windows Kernel Driver Based on Pool Tag Quick Scanning

In the memory forensics, the Pool Tag Scanning based on the memory pool tag requires a detailed search of the physical memory when scanning the kernel driver object, which is very inefficient. The object scanning of Windows kernel driver by using the pool tag quick scanning is proposed. The method u...

Full description

Bibliographic Details
Format: Article
Language:zho
Published: The Northwestern Polytechnical University 2019-10-01
Series:Xibei Gongye Daxue Xuebao
Subjects:
memory forensics
pool tag
pool tag quick scanning
kernel driver object
Online Access:https://www.jnwpu.org/articles/jnwpu/full_html/2019/05/jnwpu2019375p1044/jnwpu2019375p1044.html

Internet

https://www.jnwpu.org/articles/jnwpu/full_html/2019/05/jnwpu2019375p1044/jnwpu2019375p1044.html

Similar Items