【摘要】 微信是目前公众使用频率极高的一款即时通信软件,为公众带来极大的便利。但同时也给不法分子带来新的机会,许多违法犯罪行为在微信平台上发生。设计一种PC版微信的内存分析方法,借助第三方工具pmdump得到微信应用的内存文件并对其进行分析,描述该方法的思路和具体步骤。特别针对文本、表情等多种不同类型信息撤回时,对内存文件中的特征变化进行分析。该方法对于微信应用的内存取证分析、撤回信息分析的应用场景具有一定参考价值。更多还原

【Abstract】 Nowadays,Wechat is a kind of instant messaging software with high frequency used by the public.It brings great convenience to the public.However,it also brings new opportunities to the lawless persons.Many criminal activities take place on the platform of WeChat.The paper designed memory analysis method for WeChat in PC version.The third-party tool pmdump was utilized to get memory files in WeChat and the files were analyzed.We described the ideas and concrete steps.The feature changes in the memory file were analyzed especially when text,expression and other different types of information were revoked.This method has a certain reference for the application scenarios in which we need to analyze the memory forensics and the revoking message in WeChat.更多还原