DocumentCode :
2714817
Title :
Consistency Issue on Live Systems Forensics
Author :
Law, Frank Y.W. ; Chow, K.P. ; Kwan, Michael Y.K. ; Lai, Pierre K.Y.
Author_Institution :
Univ. of Hong Kong, Hong Kong
Volume :
2
fYear :
2007
fDate :
6-8 Dec. 2007
Firstpage :
136
Lastpage :
140
Abstract :
Volatile data, being vital to digital investigation, have become part of the standard items targeted in the course of live response to a computer system. In traditional computer forensics where investigation is carried out on a dead system (e.g. hard disk), data integrity is the first and foremost issue for digital evidence validity in court. In the context of live system forensics, volatile data are acquired from a running system. Due to the ever-changing and volatile nature, it is impossible to verify the integrity of volatile data. Let alone the integrity issue, a more critical problem - data consistency, is present at the data collected on a live system. In this paper, we address and study the consistency issue on live systems forensics. By examining the memory data on a Unix system, we outline a model to distinguish integral data from inconsistent data in a memory dump.
Keywords :
Unix; computer crime; data integrity; Unix system; computer forensics; data consistency; dead system; digital evidence validity; live systems forensics; memory data; volatile data; Data acquisition; Data mining; Environmental management; File systems; Forensics; Hard disks; Law; Legal factors; Nonvolatile memory; Operating systems
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Future Generation Communication and Networking (FGCN 2007)
Conference_Location :
Jeju
Print_ISBN :
0-7695-3048-6
Type :
conf
DOI :
10.1109/FGCN.2007.93
Filename :
4426218