Memory Analysis (Part 1)
Having recently become interested in forensic science and intelligence, I decided to elaborate a classification of memory analysis and came up with the following division:
- Memory Analysis Forensics
Answering questions related to a committed computer crime. The suspect may be a human or a software / hardware component. Incident response, troubleshooting and debugging belong to this category. Postmortem memory analysis is usually the analysis of dump files that were saved and detached from the original system or its operating conditions.
- Memory Analysis Intelligence
Monitoring memory state for behavioural and structural patterns in order to prevent certain events from occurring. Usually done in situ. However, digital dumpster divers and spies may also collect and analyze memory data that was detached from the original computer system.
Each category can be further subdivided into:
– Functional Memory Analysis
Tracing of events.
Analysis of memory states and their evolution.
The latter can be subdivided into:
— Static Memory Analysis
Traditional memory dump analysis.
— Dynamic Memory Analysis
Live debugging.
- Dmitry Vostokov @ DumpAnalysis.org -
May 30th, 2008 at 2:01 pm