{"title":"从Windows内存映像文件中取证提取系统登录密码的研究","authors":"Lijuan Xu, Lianhai Wang","doi":"10.1109/CIS.2013.156","DOIUrl":null,"url":null,"abstract":"Forensics analysis of physical memory is a key point in computer living forensics. Most of the research carried out focusing on enumerating processes and threads by accessing memory resident objects. However, collecting case sensitive information from the extracted memory content is import and difficult in computer forensics. Password plaintext is one of the most concerning sensitive information to an investigator. The traditional methods to extract system logged in password plaintext mainly rely on cracker tools, whose success rate depend on the password complexity. The important contribution of the paper is a new technique for extracting system logged-in password plaintext from physical memory. It allows extracting arbitrary length system logged-in password plaintext. The proposed method can extract system logged-in password plaintext of Windows XP and Windows 7.","PeriodicalId":294223,"journal":{"name":"2013 Ninth International Conference on Computational Intelligence and Security","volume":"107 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Research on Extracting System Logged-In Password Forensically from Windows Memory Image File\",\"authors\":\"Lijuan Xu, Lianhai Wang\",\"doi\":\"10.1109/CIS.2013.156\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Forensics analysis of physical memory is a key point in computer living forensics. Most of the research carried out focusing on enumerating processes and threads by accessing memory resident objects. However, collecting case sensitive information from the extracted memory content is import and difficult in computer forensics. Password plaintext is one of the most concerning sensitive information to an investigator. The traditional methods to extract system logged in password plaintext mainly rely on cracker tools, whose success rate depend on the password complexity. The important contribution of the paper is a new technique for extracting system logged-in password plaintext from physical memory. It allows extracting arbitrary length system logged-in password plaintext. The proposed method can extract system logged-in password plaintext of Windows XP and Windows 7.\",\"PeriodicalId\":294223,\"journal\":{\"name\":\"2013 Ninth International Conference on Computational Intelligence and Security\",\"volume\":\"107 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-12-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 Ninth International Conference on Computational Intelligence and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CIS.2013.156\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 Ninth International Conference on Computational Intelligence and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CIS.2013.156","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Research on Extracting System Logged-In Password Forensically from Windows Memory Image File
Forensics analysis of physical memory is a key point in computer living forensics. Most of the research carried out focusing on enumerating processes and threads by accessing memory resident objects. However, collecting case sensitive information from the extracted memory content is import and difficult in computer forensics. Password plaintext is one of the most concerning sensitive information to an investigator. The traditional methods to extract system logged in password plaintext mainly rely on cracker tools, whose success rate depend on the password complexity. The important contribution of the paper is a new technique for extracting system logged-in password plaintext from physical memory. It allows extracting arbitrary length system logged-in password plaintext. The proposed method can extract system logged-in password plaintext of Windows XP and Windows 7.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
