A new forensic model and its application to the collection, extraction and long term storage of screen content off a memory dump

Author

Kiltz, Stefan ; Hoppe, Tobias ; Dittmann, Jana

fYear

2009

fDate

5-7 July 2009

Firstpage

1

Lastpage

6

Abstract

In this paper we show how to extract graphics content within a memory dump of a windows-based system. This includes the assurance of integrity and authenticity of evidence gathered this way using cryptographic mechanisms. We introduce a forensic data model and investigate different forensic analysis steps within a phase-oriented manner to classify potential forensic methods. Furthermore we discuss approaches for long term preservation for the forensic data acquired from the memory dumps to ensure authenticity and integrity.

Keywords

cryptography; feature extraction; message authentication; video signal processing; cryptographic mechanism; forensic data model; graphics content extraction; image-video processing; memory dump; phase-oriented manner; windows-based system; Brain modeling; Data analysis; Forensics; Gaussian noise; Image reconstruction; Magnetic resonance imaging; Rician channels; Sensor phenomena and characterization; Signal to noise ratio; Testing; Image/Video Processing Techniques; Information Forensics and Security;

fLanguage

English

Publisher

ieee

Conference_Titel

Digital Signal Processing, 2009 16th International Conference on

Conference_Location

Santorini-Hellas

Print_ISBN

978-1-4244-3297-4

Electronic_ISBN

978-1-4244-3298-1

Type

conf

DOI

10.1109/ICDSP.2009.5201189

Filename

5201189