this is for holding javascript data
Igor.Korkin added figure figures/t8/t8.png to article
over 9 years ago
Commit id: 9a8d9db57957d114f3230aff62997c6243b819b7
deletions | additions
diff --git a/figures/t8/caption.tex b/figures/t8/caption.tex
new file mode 100644
index 0000000..a8a1b0c
--- /dev/null
+++ b/figures/t8/caption.tex
...
Replace this text with your caption
diff --git a/figures/t8/size.tex b/figures/t8/size.tex
new file mode 100644
index 0000000..2fcf78b
--- /dev/null
+++ b/figures/t8/size.tex
...
height = 700\nwidth = 500
diff --git a/figures/t8/t8.png b/figures/t8/t8.png
new file mode 100644
index 0000000..7e80a41
Binary files /dev/null and b/figures/t8/t8.png differ
diff --git a/layout.md b/layout.md
index dfe19cc..4c3d66c 100644
--- a/layout.md
+++ b/layout.md
...
4.3.2. Rating Point Inspection (RPI) for DRIVER_OBJECT detection3.tex
figures/t7/t7.png
4.3.2. Rating Point Inspection (RPI) for DRIVER_OBJECT detection.tex
figures/t8/t8.png
2.2.4. Active Management Technology CodeOn computers supporting Active Management Technology (AMT), which is a part of Intel Management Engine (ME), another memory acquisition method can be implemented. AMT code is executed in additional process unit which is located either in the Northbridge or Southbridge. As a result this code is more privileged than VMX-root mode code or SMM code. The following papers cover this mode from the information security point of view [43, 44]. Due to the fact that malware can be executed in this mode [42, 45], we can state that memory dumping can operate in this mode too. Widespread use of this method in practice is hampered by the lack of comprehensive documentation on AMT and ME..tex