Authors: F. Olajide, N. Savage
Venue: International Conference on Information Society (i-Society 2011)
Publication date: 2011-06-27
Publication type: Journal Article
DOI: 10.1109/I-SOCIETY18435.2011.5978501 (https://doi.org/10.1109/I-SOCIETY18435.2011.5978501)
Citation count: 8
Platform: Semanticscholar
Forensic extraction of user information in continuous block of evidence
Extraction of user information from the physical memory of Windows applications is vital in today's digital investigations. The digital forensic community feels the urge to develop tools and techniques for volatile memory analysis. However, there have been few investigations into the amount of relevant information that can be recovered from application memory. In this research, we present the quantitative and qualitative results of experiments carried out on Windows applications. In conducting this research, we identified the most commonly used applications on Windows systems, designed a methodology to capture data, and processed that data. This research reports the amount of evidence that was stored over time and recovered in continuous blocks of evidence in physical memory.