Linux Memory Forensics: Dissecting the User Space Process Heap

by Frank Block and Andreas Dewald

Abstract

The analysis of memory during a forensic investigation is often an important step to reconstruct events. While prior work in this field has mostly concentrated on information residing in the kernel space (process … Read more