
MALWARE INVESTIGATION BY ANALYZING COMPUTER MEMORY

  • US 20110265182A1
  • Filed: 04/27/2010
  • Published: 10/27/2011
  • Est. Priority Date: 04/27/2010
  • Status: Active Grant
First Claim

1. A method for malware investigation by analyzing computer memory of a computing device, comprising:

  • performing static analysis on code for a software environment to form an extended type graph;

  • obtaining a raw memory snapshot of the computer memory at runtime, the raw memory snapshot including the software environment executing on the computing device;

  • finding dynamic data structures in the raw memory snapshot using the extended type graph to form an object graph;

  • defining an authorized memory area having executable code, static data structures, and dynamic data structures; and

  • checking function pointers to validate that the function pointers reference a valid memory location in the authorized memory area to validate whether the computer memory is uncompromised.
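
The last two steps of the claim, sketched as an added example that is not taken from the patent or from any implementation of it. The addresses, region labels, and object graph layout (`BASE_REGIONS`, `OBJECT_GRAPH`, the `size`/`func_ptrs`/`refs` fields) are constructed assumptions; building the extended type graph and parsing the raw snapshot are assumed to have happened already.

```python
from bisect import bisect_right
from collections import deque

# Constructed sample data, not from the patent. Ranges are half-open [start, end).
BASE_REGIONS = [(0x1000, 0x5000, "executable code"),
                (0x6000, 0x7000, "static data")]
# Object graph keyed by object address: size, function pointers, outgoing references.
OBJECT_GRAPH = {
    0xA000: {"type": "device", "size": 0x40,
             "func_ptrs": {"dispatch_read": 0x1200}, "refs": [0xA100]},
    0xA100: {"type": "timer", "size": 0x20,
             "func_ptrs": {"callback": 0x4F00}, "refs": [0xA200, 0xA000]},
    0xA200: {"type": "file_ops", "size": 0x30,
             "func_ptrs": {"open": 0x1400, "ioctl": 0xC0DE00}, "refs": []},
}

def build_index(regions):
    """Sort ranges and reject overlaps so one bisect lookup per address is sound."""
    ordered = sorted(regions)
    for (_, end, _), (start, _, _) in zip(ordered, ordered[1:]):
        if start < end:
            raise ValueError("overlapping authorized regions")
    return [r[0] for r in ordered], ordered

def region_for(addr, index):
    """Return the label of the range containing addr, or None."""
    starts, ordered = index
    i = bisect_right(starts, addr) - 1
    if i >= 0 and addr < ordered[i][1]:
        return ordered[i][2]
    return None

def check_function_pointers(graph, roots, base_regions):
    """Walk the object graph from roots; report pointers outside the authorized area."""
    # Authorized area = code + static data + every dynamic object in the graph.
    dynamic = [(a, a + o["size"], o["type"]) for a, o in graph.items()]
    index = build_index(base_regions + dynamic)
    seen, queue, findings = set(), deque(roots), []
    while queue:
        addr = queue.popleft()
        if addr in seen or addr not in graph:
            continue  # already visited (cycles) or dangling reference
        seen.add(addr)
        obj = graph[addr]
        for field, target in obj["func_ptrs"].items():
            if region_for(target, index) is None:
                findings.append((addr, obj["type"], field, target))
        queue.extend(obj["refs"])
    return findings

if __name__ == "__main__":
    for addr, typ, field, target in check_function_pointers(OBJECT_GRAPH, [0xA000], BASE_REGIONS):
        print(f"{typ}@{addr:#x}.{field} -> {target:#x} is outside the authorized area")
```

An empty result means every function pointer reachable from the roots resolves inside the authorized area; each tuple returned identifies the object, field, and target address that does not.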

  • 3 Assignments