June 2006 Archives

Reconstructing a Binary (3)

By Andreas Schuster on June 11, 2006 7:55 PM

As it has been shown in two earlier posts it definitely is possible to reconstruct a program file from a full memory dump. However there's no guarantee the file will run properly. I'm going to explain the reason in this article.

Continue reading Reconstructing a Binary (3).

DFRWS 2006 Paper

By Andreas Schuster on June 5, 2006 5:10 PM

I'm excited to announce that my paper for DFRWS 2006 has been accepted. It is entitled Searching for Processes and Threads in Microsoft Windows Memory Dumps.

Continue reading DFRWS 2006 Paper.
« May 2006 | Main Index | Archives | July 2006 »

Search

Deutsch

Deutschsprachige Ausgabe

Recent Entries

Tag Cloud

Categories

Archives

Imprint

This blog is a project of:
Andreas Schuster
Im Äuelchen 45
D-53177 Bonn
impressum@forensikblog.de

Copyright © 2005-2012 by
Andreas Schuster
All rights reserved.
Powered by Movable Type 5.12