Igor.Korkin deleted file 2.3. Conclusion.tex  over 9 years ago

Commit id: 4da5c8c0e9b4666c40a24b4a05ac58b499e16ad8


\subsection{Conclusion}  The analysis shows that the existing approaches and tools of memory dump acquisition do not fully comply with the current requirements:  \begin{enumerate}  \item Approaches based on Windows OS functions are vulnerable to intruder’s attacks. VMX, SMM, AMT and hardware methods are difficult to use in industrial environments. They are more suitable for a specialized laboratory with highly qualified experts. Other research projects approaches are difficult to apply in practice.   \item Due to the fact that some memory pages are stored in a paging file, RAM dump does not contain complete data. This is especially obvious for PCs with low RAM.   \item The raw physical memory dump is not suitable for extracting useful information because relationships between the virtual and physical address spaces are lost. To overcome this fact additional work has to be done [67], for example lookup of EPROCESS structures by Burdach [68] or KPCR structures by Zwang, Wang [69]. This work involves a lot of difficulties.   \end{enumerate}  It is essential to develop new detection software, which is resilient to common rootkits tricks. This software should pose great opportunities for memory dump analysis and forensics usage.
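Review bot: the deleted file is the place where references [67], [68] and [69] are cited, so if this conclusion is being moved into another file rather than dropped, check that those citations survive there; otherwise the corresponding bibliography entries become unreferenced. Wherever the text lands, a few wording fixes are worth carrying over: "vulnerable to intruder’s attacks" should read "vulnerable to an intruder's attacks", "Other research projects approaches" needs the possessive "Other research projects' approaches", "To overcome this fact" reads better as "To overcome this", and "This software should pose great opportunities for memory dump analysis" should be "should offer good opportunities for memory dump analysis". The three \item entries also run together on one line; a line break before each \item and before \end{enumerate} keeps the source readable in diffs.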