Analyzing and searching process of internet username and password stored in Random Access Memory (RAM)

Author

Thongjul, Sasithorn ; Tritilanunt, Suratose

Author_Institution

Dept. of Comput. Eng., Mahidol Univ., Nakhon Pathom, Thailand

fYear

2015

fDate

22-24 July 2015

Firstpage

257

Lastpage

262

Abstract

This paper develops a technique to gather and analyze username and password stored in a physical memory or RAM (Random Access Memory). A live memory forensic investigator is able to use this work in order to find the pattern as the “Searching Criteria” for extending the search to other artifacts. The proposed technique uses a quick search algorithm to find the data in the physical memory. By using a proposed technique to harvest username and password from some popular websites, the experiment has been tested by browsing to social network, webmail, internet banking, and some business online shopping websites. Form the artifacts recovered from the physical memory, we find many useful evidences of username and password that are stored in a plaintext format. Finally, these recover evidences can be linked to other artifact.

Keywords

Web sites; authorisation; digital forensics; random-access storage; Internet banking; Internet password analysis process; Internet password search process; Internet user name analysis process; Internet user name search process; RAM; Web browsing; Web mail; business online shopping Web sites; physical memory; plaintext format; quick-search algorithm; random access memory; searching criteria; social network; Algorithm design and analysis; Computers; Electronic mail; Encryption; Forensics; Internet; Random access memory; Random Access Memory; live memory forensic; security of physical memory; volatile data;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Science and Software Engineering (JCSSE), 2015 12th International Joint Conference on

Conference_Location

Songkhla

Type

conf

DOI

10.1109/JCSSE.2015.7219806

Filename

7219806