Enhancement of Forensic Computing Investigations through Memory Forensic Techniques

2009 International Conference on Availability, Reliability and Security Pub Date : 2009-03-16 DOI:10.1109/ARES.2009.119

Matthew Simon, J. Slay

{"title":"Enhancement of Forensic Computing Investigations through Memory Forensic Techniques","authors":"Matthew Simon, J. Slay","doi":"10.1109/ARES.2009.119","DOIUrl":null,"url":null,"abstract":"The use of memory forensic techniques has the potential to enhance computer forensic investigations. The analysis of digital evidence is facing several key challenges; an increase in electronic devices, network connections and bandwidth, the use of anti-forensic technologies and the development of network centric applications and technologies has lead to less potential evidence stored on static media and increased amounts of data stored off-system. Memory forensic techniques have the potential to overcome these issues in forensic analysis. While much of the current research in memory forensics has been focussed on low-level data, there is a need for research to extract high-level data from physical memory as a means of providing forensic investigators with greater insight into a target system. This paper outlines the need for further research into memory forensic techniques. In particular it stresses the need for methods and techniques for understanding context on a system and also as a means of augmenting other data sources to provide a more complete and efficient searching of investigations.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"27","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2009.119","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 27

Abstract

The use of memory forensic techniques has the potential to enhance computer forensic investigations. The analysis of digital evidence is facing several key challenges; an increase in electronic devices, network connections and bandwidth, the use of anti-forensic technologies and the development of network centric applications and technologies has lead to less potential evidence stored on static media and increased amounts of data stored off-system. Memory forensic techniques have the potential to overcome these issues in forensic analysis. While much of the current research in memory forensics has been focussed on low-level data, there is a need for research to extract high-level data from physical memory as a means of providing forensic investigators with greater insight into a target system. This paper outlines the need for further research into memory forensic techniques. In particular it stresses the need for methods and techniques for understanding context on a system and also as a means of augmenting other data sources to provide a more complete and efficient searching of investigations.

查看原文本刊更多论文

利用记忆法证技术加强法务计算调查

记忆取证技术的使用有可能增强计算机取证调查。数字证据的分析面临着几个关键挑战;电子设备、网络连接和带宽的增加、反取证技术的使用以及以网络为中心的应用和技术的发展，导致存储在静态媒体上的潜在证据减少，而存储在系统外的数据量增加。记忆取证技术有潜力克服取证分析中的这些问题。虽然目前内存取证的大部分研究都集中在低级数据上，但有必要从物理内存中提取高级数据，作为一种为取证调查人员提供更深入了解目标系统的手段。本文概述了进一步研究记忆取证技术的必要性。它特别强调需要方法和技术来了解一个系统的背景，并作为增加其他数据来源的一种手段，以提供更完整和有效的调查搜索。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2009 International Conference on Availability, Reliability and Security

自引率

0.00%

发文量