• DocumentCode
    1753890
  • Title

    On the extraction of forensically relevant information from physical memory

  • Author

    Olajide, Funminiyi ; Savage, Nick

  • Author_Institution
    Dept. of Electron. & Comput. Eng., Univ. of Portsmouth, Portsmouth, UK
  • fYear
    2011
  • fDate
    21-23 Feb. 2011
  • Firstpage
    248
  • Lastpage
    252
  • Abstract
    Most of the effort in today's digital investigations centres on the data collection and analysis of existing information from the hard disks of computer systems. Little has been done on the level of information that can be recovered from only the computer system memory (RAM) while the application is still running. In this paper, we present the results of an investigation into the extraction of forensically relevant information from physical memory. We also present our findings of the most commonly used applications on a Windows system. The information extracted from physical memory relates to what the user was doing at the time of the capture, and before the capture, of the physical memory evidence.
  • Keywords
    computer forensics; operating systems (computers); random-access storage; Windows system; data analysis; data collection; digital investigation; information extraction; information forensics; random access memory; Computers; Data mining; Digital forensics; Memory management; Object recognition; Random access memory;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Internet Security (WorldCIS), 2011 World Congress on
  • Conference_Location
    London
  • Print_ISBN
    978-1-4244-8879-7
  • Electronic_ISBN
    978-0-9564263-7-6
  • Type

    conf

  • Filename
    5749861