Software Behavior Pattern Prediction

Sometimes we hear voices saying that Linux, FreeBSD, and Mac OS X core dumps are uninteresting. This is not true. If you haven't seen anything interesting there it just simply means that you only encountered a limited amount of abnormal software behavior. The widespread usage of Windows OS means that most patterns have been diagnosed and described first for it and other operating system are waiting for their turn.

Our goal is to have a pattern catalog with examples from different OS. For example, currently all Mac OS X patterns we provide are just examples to existing Windows pattern names. All operating systems share the same structure and behavior, for example, structural memory analysis patterns¹¹² and the same computational model. Although structural patterns are different from behavioral patterns we also plan extending the structural list significantly especially in relation to memory forensics training¹¹³. Regarding behavioral patterns it is possible to model and predict specific pattern examples for another OS by using the already existing catalog.

¹¹² http:/www.dumpanalysis.org/blog/index.php/structural-memory-analysis-patterns/

¹¹³ http://www.patterndiagnostics.com/accelerated-windows-memory-forensics