Title :
Extracting forensically relevant information from Windows application
Author :
Olajide, Funminiyi ; Savage, Nick ; Akmayeva, Galyna ; Shoniregun, Charles
Author_Institution :
Sch. of Eng., Univ. of Portsmouth, Portsmouth, UK
Abstract :
In this paper, we present a method for investigating and extracting forensically relevant information from the physical memory of Windows systems. This approach revealed the extracted evidence dispersed in the physical memory of an application. The result shows a coherent view of user input on applications, with over 96% of user input stored on Word and 94% in PowerPoint. The mean value of the user input found, the user input repeated in the memory and the user input found in continuous blocks will be presented.
Keywords :
computer forensics; information retrieval; user interfaces; Windows application; Windows systems; continuous blocks; digital forensics; evidence extraction; forensically relevant information extraction; physical memory; user input; Silicon compounds; Tin; Digital Forensic; Windows; evidence
Conference_Title :
Information Society (i-Society), 2012 International Conference on
Conference_Location :
London
Print_ISBN :
978-1-4673-0838-0