| Name | Latest commit message | Commit time |
| --- | --- | --- |
| other.plugins | Removed hashtest and hashbuild from this repo | Jul 19, 2019 |
| test.setups | Added test setup descriptions | Jul 19, 2019 |
| tools | added hint to "what makes it page" | Aug 4, 2019 |
| README.md | Updated Readme | Jul 19, 2019 |
| malware.md | Added malware description | Jul 19, 2019 |
| ptenum.py | bugfix regarding pages not belonging to any VAD | Sep 25, 2019 |

README.md

This is the online repository for the paper "Windows Memory Forensics: Detecting (un)intentionally hidden injected Code by examining Page Table Entries" by Frank Block and Andreas Dewald (http://dfrws.org/conferences/dfrws-usa-2019/sessions/windows-memory-forensics-detecting-unintentionally-hidden). It contains all material referenced in the paper, including the resulting Rekall plugin, ptenum.py.

If you have any questions (regarding this research ;-) ), don't hesitate to contact research-codeinjections@f-block.org
