DocumentCode :
1912044
Title :
Research on Windows Physical Memory Forensic Analysis
Author :
Lianfu Yin
Author_Institution :
Sch. of Math. Phys. & Inf. Eng., Jiaxing Univ., Jiaxing, China
fYear :
2012
fDate :
14-16 Dec. 2012
Firstpage :
493
Lastpage :
496
Abstract :
Much computer evidence cannot be seized from hard disks; it must be seized from the physical memory of the computer system, and once the computer system is powered off, it all disappears. In this paper, the basic concepts and related work of physical memory forensic analysis are presented, and the key technology of physical memory forensic analysis of Windows systems is investigated. An example of physical memory forensic analysis of a Windows system is also given. Finally, based on an analysis of the deficiencies of current work on physical memory forensic analysis, future work on improving physical memory forensic analysis is discussed.
Keywords :
digital forensics; storage management; Windows physical memory forensic analysis; Windows system; computer evidence; computer system; computer crime; computer forensics; physical memory forensics;
fLanguage :
English
Publisher :
IEEE
Conference_Title :
Information Science and Engineering (ISISE), 2012 International Symposium on
Conference_Location :
Shanghai
ISSN :
2160-1283
Print_ISBN :
978-1-4673-5680-0
Type :
conf
DOI :
10.1109/ISISE.2012.119
Filename :
6495395