Title :
Password Recovery Using an Evidence Collection Tool and Countermeasures
Author :
Lee, Seokhee ; Savoldi, Antonio ; Lee, Sangjin ; Lim, Jongin
Author_Institution :
Korea Univ., Seoul
Abstract :
In this paper we propose a methodology used to analyse collected pagefiles belonging to public computers using a pagefile collection tool (PCT), which is suitable to be used in a live forensics context. After that, we investigated how to gather sensitive information such as passwords and usernames, which we found in half of the analysed pagefiles. Undoubtedly, this fact can be used by a forensics practitioner to solve the investigation faster, by using such information in order to acquire useful information about a crime. However, if such a forensic pagefile collection tool were used as a hacking tool, it could cause leakage of privacy information. To be more precise, it allows easy gathering of critical information such as passwords and credit card numbers. Accordingly, in order to solve this problem, we have proposed a programming methodology to prevent the "swap-out" of sensitive information from main memory to the pagefile. Finally, we also proposed a system model to perform the encryption of pagefile memory in order to improve the security of a computer system.
Keywords :
computer crime; cryptography; data privacy; programming; storage management; computer system encryption; credit card numbers; evidence collection tool; forensic pagefile collection tool; hacking tool; live forensics; pagefile memory encryption; password recovery; privacy information leakage; programming methodology; public computers; swap-out prevention; usernames; Automation; Electronic countermeasures; Forensics; Information analysis; Information security; Linux; Operating systems; Performance analysis; Privacy; Universal Serial Bus;
Conference_Title :
Intelligent Information Hiding and Multimedia Signal Processing, 2007. IIHMSP 2007. Third International Conference on
Conference_Location :
Kaohsiung
Print_ISBN :
978-0-7695-2994-1
DOI :
10.1109/IIH-MSP.2007.238