DocumentCode :
549444
Title :
Forensic extraction of user information in continuous block of evidence
Author :
Olajide, F. ; Savage, Neil
Author_Institution :
Dept. of Electron. & Comput. Eng., Univ. of Portsmouth, Portsmouth, UK
fYear :
2011
fDate :
27-29 June 2011
Firstpage :
476
Lastpage :
481
Abstract :
Extraction of user information in the physical memory of Windows applications is vital in today's digital investigation. The digital forensic community feels the urge for the development of tools and techniques in volatile memory analysis. However, there have been few investigations into the amount of relevant information that can be recovered from the application memory. In this research, we present the quantitative and qualitative results of experiments carried out on Windows applications. In conducting this research, we have identified the most commonly used applications on Windows systems, designed a methodology to capture data and processed that data. This research reports the amount of evidence that was stored over time and recovered in continuous block of evidence in the physical memory.
Keywords :
computer forensics; storage management; Windows application; digital forensic community; forensic extraction; user information; volatile memory analysis; Memory management; User; Windows; application; physical;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Society (i-Society), 2011 International Conference on
Conference_Location :
London
Print_ISBN :
978-1-61284-148-9
Type :
conf
Filename :
5978501
Link To Document :