Abstract
Page smear is a phenomenon that occurs when a system’s volatile memory dump is obtained in a non-atomic manner; it’s more common in systems with a lot of RAM and different workloads. It has a considerable impact on the quality and reliability of the forensic artifacts obtained, as well as the analysis of such snapshots. We present SAM, a timeline-based page table state information collection mechanism that enables a reliable memory analysis. It facilitates visualizing inconsistencies in the page table data structure and provides the investigator with a reliable source of page table information to deal with the inconsistent values.
Full Text 
Sign-in/Register to access full text options
Sign-in/Register to access full text options 
Published version (
Free)
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
