Title :
Recovery of Pidgin Chat Communication Artefacts from Physical Memory: A Pilot Test to Determine Feasibility
Author :
Simon, Matthew Phillip ; Slay, Jill
Author_Institution :
Adv. Comput. Res. Centre, Univ. of South Australia, Adelaide, SA, Australia
Abstract :
This research describes a study that looks at the feasibility of extracting remnant information about an instant message client from physical memory. The research goal was to gather information about the target application in order to assess the viability of creating methods to recover specific data about its use. The study consists of a formal experiment where the application is used and the physical memory collected at various points. The memory image was then interrogated to assess whether remnant data could be recovered. The study shows that it is feasible to recover data about the target application.
Keywords :
computer forensics; electronic messaging; data recovery; instant message client; physical memory; pidgin chat communication artefacts; remnant information extraction; Encryption; Forensics; Google; History; Random access memory; Software; Computer forensics; Digital evidence; Digital investigation; Electronic evidence; Google Chat; RAM forensics; Tor; Volatile memory forensics;
Conference_Titel :
Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
Conference_Location :
Vienna
Print_ISBN :
978-1-4577-0979-1
Electronic_ISBN :
978-0-7695-4485-4
DOI :
10.1109/ARES.2011.33
