| 面向取证应用的PC版微信的内存分析方法 |
| |
| 引用本文: | 李威,廖健,曾剑平.面向取证应用的PC版微信的内存分析方法[J].计算机应用与软件,2019(2):329-333. |
| |
| 作者姓名: | 李威 廖健 曾剑平 |
| |
| 作者单位: | 1.浙江中烟工业有限责任公司信息中心;2.复旦大学计算机科学技术学院 |
| |
| 摘 要: | 微信是目前公众使用频率极高的一款即时通信软件,为公众带来极大的便利。但同时也给不法分子带来新的机会,许多违法犯罪行为在微信平台上发生。设计一种PC版微信的内存分析方法,借助第三方工具pmdump得到微信应用的内存文件并对其进行分析,描述该方法的思路和具体步骤。特别针对文本、表情等多种不同类型信息撤回时,对内存文件中的特征变化进行分析。该方法对于微信应用的内存取证分析、撤回信息分析的应用场景具有一定参考价值。
|
| 关 键 词: | 微信取证 内存分析 撤回信息 pmdump |
MEMORY ANALYSIS METHOD OF WECHAT IN PC VERSION FOR FORENSICS APPLICATION |
| |
| Li Wei,Liao Jian,Zeng Jianping.MEMORY ANALYSIS METHOD OF WECHAT IN PC VERSION FOR FORENSICS APPLICATION[J].Computer Applications and Software,2019(2):329-333. |
| |
| Authors: | Li Wei Liao Jian Zeng Jianping |
| |
| Affiliation: | (Information Center, China Tobacco Zhejiang Industrial Co. , Ltd. , Hangzhou 310001, Zhejiang, China;School of Computer Science, Fudan University, Shanghai 200433, China) |
| |
| Abstract: | Nowadays, Wechat is a kind of instant messaging software with high frequency used by the public. It brings great convenience to the public. However, it also brings new opportunities to the lawless persons. Many criminal activities take place on the platform of WeChat. The paper designed memory analysis method for WeChat in PC version. The third-party tool pmdump was utilized to get memory files in WeChat and the files were analyzed. We described the ideas and concrete steps. The feature changes in the memory file were analyzed especially when text, expression and other different types of information were revoked. This method has a certain reference for the application scenarios in which we need to analyze the memory forensics and the revoking message in WeChat. |
| |
| Keywords: | WeChat forensics Memory analysis Revoking message Pmdump |
| 本文献已被 维普 等数据库收录! |
|
