Linux Memory Forensics: Dissecting the User Space Process Heap
by Frank Block and Andreas Dewald
Abstract
The analysis of memory during a forensic investigation is often an important step to reconstruct events. While prior work in this field has mostly concentrated on information residing in the kernel space (process… Read more