Identifying the unknown in user space memory

White, Andrew J. (2013) Identifying the unknown in user space memory. PhD thesis, Queensland University of Technology.


This thesis is a study of how the contents of volatile memory on the Windows operating system can be better understood and utilised for the purposes of digital forensic investigations. It proposes several techniques to improve the analysis of memory, with a focus on improving the detection of unknown code such as malware. These contributions allow the creation of a more complete reconstruction of the state of a computer at acquisition time, including whether or not the computer has been infected by malicious code.

Impact and interest:

Search Google Scholar™

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

Full-text downloads:

651 since deposited on 11 Nov 2013
101 in the past twelve months

Full-text downloads displays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.

ID Code: 64181
Item Type: QUT Thesis (PhD)
Supervisor: Schatz, Bradley & Foo, Ernest
Keywords: Memory Forensics, User Space Memory, Malware Detection, Windows, Digital Forensics
Divisions: Current > Institutes > Institute for Future Environments
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Institution: Queensland University of Technology
Deposited On: 11 Nov 2013 04:36
Last Modified: 21 Jun 2017 14:48

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page