• DocumentCode
    549444
  • Title

    Forensic extraction of user information in continuous block of evidence

  • Author

    Olajide, F. ; Savage, Neil

  • Author_Institution
    Dept. of Electron. & Comput. Eng., Univ. of Portsmouth, Portsmouth, UK
  • fYear
    2011
  • fDate
    27-29 June 2011
  • Firstpage
    476
  • Lastpage
    481
  • Abstract
    Extraction of user information in the physical memory of Windows applications is vital in today's digital investigation. The digital forensic community feels the urge for the development of tools and techniques in volatile memory analysis. However, there have been few investigations into the amount of relevant information that can be recovered from the application memory. In this research, we present the quantitative and qualitative results of experiments carried out on Windows applications. In conducting this research, we have identified the most commonly used applications on Windows systems, designed a methodology to capture data and processed that data. This research reports the amount of evidence that was stored over time and recovered in continuous block of evidence in the physical memory.
  • Keywords
    computer forensics; storage management; Windows application; digital forensic community; forensic extraction; user information; volatile memory analysis; Memory management; User; Windows; application; physical;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Society (i-Society), 2011 International Conference on
  • Conference_Location
    London
  • Print_ISBN
    978-1-61284-148-9
  • Type

    conf

  • Filename
    5978501