Exploiting Generational Garbage Collection : = Using Data Remnants to Improve Memory Analysis and Digital Forensics.
Record type:
Bibliographic - language material, manuscript : Monograph/item
Title/Author:
Exploiting Generational Garbage Collection :/
Other title:
Using Data Remnants to Improve Memory Analysis and Digital Forensics.
Author:
Pridgen, Adam T.
Extent:
1 online resource (81 pages)
Notes:
Source: Dissertation Abstracts International, Volume: 79-05(E), Section: B.
Subject:
Computer science.
Electronic resource:
click for full text (PQDT)
ISBN:
9780355385731
Pridgen, Adam T.
Exploiting Generational Garbage Collection :
Using Data Remnants to Improve Memory Analysis and Digital Forensics. - 1 online resource (81 pages)
Source: Dissertation Abstracts International, Volume: 79-05(E), Section: B.
Thesis (Ph.D.)--Rice University, 2017.
Includes bibliographical references
Malware authors employ sophisticated tools and infrastructure to undermine information security and steal data on a daily basis. When these attacks or infrastructure are discovered, digital forensics attempts to reconstruct the events from evidence left over on file systems, network drives, and system memory dumps. In the last several years, malware authors have been observed using the Java managed runtimes to commit criminal theft [1, 2] and conduct espionage [3, 4, 5].
Electronic reproduction.
Ann Arbor, Mich. :
ProQuest,
2018
Mode of access: World Wide Web
ISBN: 9780355385731
Subjects--Topical Terms:
573171
Computer science.
Index Terms--Genre/Form:
554714
Electronic books.
LDR :03432ntm a2200337K 4500
001 912431
005 20180608141654.5
006 m o u
007 cr mn||||a|a||
008 190606s2017 xx obm 000 0 eng d
020 $a 9780355385731
035 $a (MiAaPQ)AAI10673652
035 $a (MiAaPQ)0187rice:2024Pridgen
035 $a AAI10673652
040 $a MiAaPQ $b eng $c MiAaPQ
100 1 $a Pridgen, Adam T. $3 1184787
245 1 0 $a Exploiting Generational Garbage Collection : $b Using Data Remnants to Improve Memory Analysis and Digital Forensics.
264 0 $c 2017
300 $a 1 online resource (81 pages)
336 $a text $b txt $2 rdacontent
337 $a computer $b c $2 rdamedia
338 $a online resource $b cr $2 rdacarrier
500 $a Source: Dissertation Abstracts International, Volume: 79-05(E), Section: B.
500 $a Adviser: Dan S. Wallach.
502 $a Thesis (Ph.D.)--Rice University, 2017.
504 $a Includes bibliographical references
520 $a Malware authors employ sophisticated tools and infrastructure to undermine information security and steal data on a daily basis. When these attacks or infrastructure are discovered, digital forensics attempts to reconstruct the events from evidence left over on file systems, network drives, and system memory dumps. In the last several years, malware authors have been observed using the Java managed runtimes to commit criminal theft [1, 2] and conduct espionage [3, 4, 5].
520 $a Fortunately for forensic analysts, the most prevalent versions of Java use generational garbage collection to help improve runtime performance. The memory system allocates memory from a managed heap. When memory is exhausted in this heap, the JVM will sweep over partitions reclaiming memory from dead objects. This memory is not sanitized or zero'ed. Hence, latent secrets and object data persist until they are overwritten. For example, sockets and open file recovery are possible even after resources are closed and purged from the OS kernel memory.
520 $a This research measures the lifetime of latent data and implements a Python framework that can be used to recover this object data. Latent secret lifetimes are experimentally measured using TLS keys in a Java application. An application is configured to be very active and minimally active. The application also utilizes raw Java sockets and Apache HTTPClient to determine whether or not a Java framework impacts latent secret lifetimes. Depending on the heap size (512MiB to 16GiB), between 10-40% of the TLS keys are recoverable from the heap, which correlates directly to memory pressure. This research also exploits properties to identify and recover evidence from the Java heap. The RecOOP framework helps locate all the loaded types, identify the managed Java heaps, and scan for potential objects [6]. The framework then lifts these objects into Python where they can be analyzed further. Key findings include the fact that IO streams for processes started from within Java remained in memory, and the data in these buffers could be used to infer the program executed. Socket and data could also be recovered even when the socket structures were missing from the OS's kernel memory.
533 $a Electronic reproduction. $b Ann Arbor, Mich. : $c ProQuest, $d 2018
538 $a Mode of access: World Wide Web
650 4 $a Computer science. $3 573171
655 7 $a Electronic books. $2 local $3 554714
690 $a 0984
710 2 $a ProQuest Information and Learning Co. $3 1178819
710 2 $a Rice University. $b Computer Science. $3 1184788
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=10673652 $z click for full text (PQDT)