DocumentCode
2205733
Title
A Model of Computer Live Forensics Based on Physical Memory Analysis
Author
Wang, Lianhai ; Zhang, Ruichao ; Zhang, Shuhui
Author_Institution
Shandong Comput. Sci. Center, Jinan, China
fYear
2009
fDate
26-28 Dec. 2009
Firstpage
4647
Lastpage
4649
Abstract
This paper provides a look at some of the shortcomings of current approaches to live forensics. On this basis, a model of computer live forensics based on physical memory analysis is proposed. The model can be used to effectively address many of the challenges facing the conventional live forensics. Then taking the credibility of digital evidence as a starting point, the issue of credibility of live forensic is then put forward for study. Finally, methods of credibility calculation are given through probabilistic and statistical computing. This work may help to improve the scientific credibility of the digital evidence acquired by live forensic in current practice.
Keywords
computer forensics; statistical analysis; computer live forensics; digital evidence; physical memory analysis; probabilistic computing; statistical computing; Computer crime; Computer hacking; Computer science; Digital forensics; Humans; Image analysis; Information analysis; Information science; Kernel; Physics computing;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Science and Engineering (ICISE), 2009 1st International Conference on
Conference_Location
Nanjing
Print_ISBN
978-1-4244-4909-5
Type
conf
DOI
10.1109/ICISE.2009.69
Filename
5454440
Link To Document