'Process Carving'에 해당되는 글 1건
- 2013.10.31 Prefetch / Process Carving : 종료된 프로세스 탐지
hswang
카테고리
|
태그목록
- PspCidTable
- PsGetContextThread
- TokenElevationType
- registers are not yet known
- KdVersionBlock
- DISABLE_INTEGRITY_CHECKS
- TESTSIGNING
- HandleTableListHead
- IsUserAdmin
- DRIVER_IRQL_NOT_LESS_OR_EQUAL
- IsUserAnAdmin
- StartService 1053
- PsActiveProcessHead
- SpinLock
- ObTypeIndexTable
- _KTRAP_FRAME
- GetTokenInformation
- Wow64EnableWow64FsRedirection
- _HANDLE_TABLE_ENTRY
- RtlCaptureContext
- PspCreateProcessNotifyRoutine
- InterlockedCompareExchange
- g_CiOptions
- SystemStartOptions
- CI.dll
- NO_MORE_SYSTEM_PTES
- SepInitializeCodeIntegrity
- g_CiEnabled
- CheckTokenMembership
- 정보보안기사