FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W249628192> ?p ?o ?g. }

• W249628192 abstract "Abstract : Analysis of raw memory dumps has become a critical capability in digital forensics because it gives insight into the state of a system that cannot be fully represented through traditional disk analysis. Interest in memory forensics has grown steadily in recent years, with a focus on the Microsoft Windows operating systems. However, similar capabilities for Linux and Apple OS X have lagged by comparison. The volafox open source project has begun work on structured memory analysis for OS X. The tool currently supports a limited set of kernel structures to parse hardware information, system build number, process listing, loaded kernel modules, syscall table, and socket connections. This research addresses one memory analysis deficiency on OS X by introducing a new volafox module for parsing file handles. When open files are mapped to a process, an examiner can learn which resources the process is accessing on disk. This listing is useful for determining what information may have been the target for exfilitration or modification on a compromised system. Comparing output of the developed module and the UNIX lsof (list open files) command on two version of OS X and two kernel architectures validates the methodology used to extract file handle information." @default.
• W249628192 created "2016-06-24" @default.
• W249628192 creator A5011895410 @default.
• W249628192 date "2012-06-14" @default.
• W249628192 modified "2023-09-27" @default.
• W249628192 title "Forensic Memory Analysis for Apple OS X" @default.
• W249628192 hasPublicationYear "2012" @default.
• W249628192 type Work @default.
• W249628192 sameAs 249628192 @default.
• W249628192 citedByCount "1" @default.
• W249628192 countsByYear W2496281922013 @default.
• W249628192 crossrefType "journal-article" @default.
• W249628192 hasAuthorship W249628192A5011895410 @default.
• W249628192 hasConcept C111919701 @default.
• W249628192 hasConcept C112968700 @default.
• W249628192 hasConcept C186644900 @default.
• W249628192 hasConcept C199360897 @default.
• W249628192 hasConcept C2777904410 @default.
• W249628192 hasConcept C2780940931 @default.
• W249628192 hasConcept C41008148 @default.
• W249628192 hasConcept C515153823 @default.
• W249628192 hasConcept C77088390 @default.
• W249628192 hasConcept C84418412 @default.
• W249628192 hasConcept C98045186 @default.
• W249628192 hasConceptScore W249628192C111919701 @default.
• W249628192 hasConceptScore W249628192C112968700 @default.
• W249628192 hasConceptScore W249628192C186644900 @default.
• W249628192 hasConceptScore W249628192C199360897 @default.
• W249628192 hasConceptScore W249628192C2777904410 @default.
• W249628192 hasConceptScore W249628192C2780940931 @default.
• W249628192 hasConceptScore W249628192C41008148 @default.
• W249628192 hasConceptScore W249628192C515153823 @default.
• W249628192 hasConceptScore W249628192C77088390 @default.
• W249628192 hasConceptScore W249628192C84418412 @default.
• W249628192 hasConceptScore W249628192C98045186 @default.
• W249628192 hasLocation W2496281921 @default.
• W249628192 hasOpenAccess W249628192 @default.
• W249628192 hasPrimaryLocation W2496281921 @default.
• W249628192 hasRelatedWork W1217199245 @default.
• W249628192 hasRelatedWork W1480756613 @default.
• W249628192 hasRelatedWork W1497599343 @default.
• W249628192 hasRelatedWork W1852675693 @default.
• W249628192 hasRelatedWork W2016650184 @default.
• W249628192 hasRelatedWork W2026083579 @default.
• W249628192 hasRelatedWork W2039865021 @default.
• W249628192 hasRelatedWork W2132174782 @default.
• W249628192 hasRelatedWork W2142548558 @default.
• W249628192 hasRelatedWork W2204120039 @default.
• W249628192 hasRelatedWork W2221965757 @default.
• W249628192 hasRelatedWork W2305913602 @default.
• W249628192 hasRelatedWork W2478681103 @default.
• W249628192 hasRelatedWork W2510096944 @default.
• W249628192 hasRelatedWork W2534313738 @default.
• W249628192 hasRelatedWork W2559378645 @default.
• W249628192 hasRelatedWork W2598672303 @default.
• W249628192 hasRelatedWork W3184044395 @default.
• W249628192 hasRelatedWork W48785779 @default.
• W249628192 hasRelatedWork W99076305 @default.
• W249628192 isParatext "false" @default.
• W249628192 isRetracted "false" @default.
• W249628192 magId "249628192" @default.
• W249628192 workType "article" @default.