PROCESS FORENSIC FOR FAST ENTRY SYSTEM CALLS

The process forensics and process state checkpointing mechanisms have always remained challenging for ever changing processor architectures. Process forensics is one of the significant foundation mechanisms for process control and management such as process migration and process checkpoint-restart. The Dynamic process migration and process forensic mechanisms require dynamic state checkpointing of the desired process. At the time of process forensics and process state checkpointing, the process could be running in some system call. Present kernels are adopting sysenter instruction based fast mechanism for system call invocation for present processor architectures. There is an extreme need for availability of open source mechanism for dynamic investigation of system call on present kernels for contemporary architectures. This paper presents a novel kernel-level and open source mechanism for investigating sysenter instruction-based fast entry system calls