Title :
Recovery of Skype Application Activity Data from Physical Memory
Author :
Simon, Matthew ; Slay, Jill
Author_Institution :
Defence & Syst. Inst. (DASI), Univ. of South Australia, Adelaide, SA, Australia
Abstract :
The use of Internet based communication technologies has become more prevalent in recent years. Technologies such as Skype provide a highly secure and decentralised method of communication. These technologies may also leave little evidence on static media causing conventional digital forensic processes to be ineffective. This research looks at exploiting physical memory to recover evidence from Internet based communication technologies where conventional methods cannot. The paper first proposes a set of generic target artefacts that defines information that may be targeted for recovery and the meaning that can be inferred from this. A controlled test was then undertaken where Skype was executed and the memory from the target machine collected. The analysis showed that it is feasible to recover the target data as applied to Skype, which would not be otherwise available. As this is the first set of tests of a series, the future direction is also discussed.
Keywords :
Internet; computer forensics; information retrieval; Internet based communication technologies; Skype application activity data; computer forensics; information recovery; physical memory; Australia; Availability; Communication system security; Communications technology; Data security; Digital forensics; Internet; Operating systems; Space technology; Testing; Computer forensics; Digital evidence; Digital investigation; Electronic evidence; RAM forensics; Volatile memory forensics;
Conference_Titel :
Availability, Reliability, and Security, 2010. ARES '10 International Conference on
Conference_Location :
Krakow
Print_ISBN :
978-1-4244-5879-0
DOI :
10.1109/ARES.2010.73
