'Process Carving'에 해당되는 글 1건
- 2013.10.31 Prefetch / Process Carving : 종료된 프로세스 탐지
hswang
카테고리
|
태그목록
- DRIVER_IRQL_NOT_LESS_OR_EQUAL
- 정보보안기사
- PspCidTable
- TESTSIGNING
- g_CiOptions
- GetTokenInformation
- PsGetContextThread
- KdVersionBlock
- PsActiveProcessHead
- CI.dll
- SpinLock
- PspCreateProcessNotifyRoutine
- TokenElevationType
- IsUserAdmin
- g_CiEnabled
- SepInitializeCodeIntegrity
- StartService 1053
- RtlCaptureContext
- _KTRAP_FRAME
- CheckTokenMembership
- DISABLE_INTEGRITY_CHECKS
- _HANDLE_TABLE_ENTRY
- SystemStartOptions
- IsUserAnAdmin
- Wow64EnableWow64FsRedirection
- InterlockedCompareExchange
- NO_MORE_SYSTEM_PTES
- HandleTableListHead
- registers are not yet known
- ObTypeIndexTable