DocumentCode :
2714701
Title :
Windows Pagefile Collection and Analysis for a Live Forensics Context
Author :
Lee, Seokhee ; Savoldi, Antonio ; Lee, Sangjin ; Lim, Jongin
Author_Institution :
Korea Univ., Seoul
Volume :
2
fYear :
2007
fDate :
6-8 Dec. 2007
Firstpage :
97
Lastpage :
101
Abstract :
The aim of this paper is to present a new tool, the Page-file Collection Tool (PCT), which can be used to obtain a pagefile on a live Windows-based system. It is a known fact that a pagefile on a live system is protected by the operating system, which uses it in the virtual memory context. By using the NTFS filesystem specifications, we were able to reconstruct the full pagefile, which can be used by a forensics expert to carve out further and precious information in the memory analysis field.
Keywords :
file organisation; operating systems (computers); program diagnostics; user interfaces; NTFS filesystem specifications; Page-file Collection Tool; Windows pagefile collection; live Windows based system; live forensics context; memory analysis field; operating system; virtual memory; Automation; Data mining; Forensics; Hardware; Information analysis; Information security; Operating systems; Protection; Random access memory; Upper bound;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Future Generation Communication and Networking (FGCN 2007)
Conference_Location :
Jeju
Print_ISBN :
0-7695-3048-6
Type :
conf
DOI :
10.1109/FGCN.2007.236
Filename :
4426211