• DocumentCode
    2714701
  • Title
    Windows Pagefile Collection and Analysis for a Live Forensics Context
  • Author
    Lee, Seokhee ; Savoldi, Antonio ; Lee, Sangjin ; Lim, Jongin

  • Author_Institution
    Korea Univ., Seoul
  • Volume
    2
  • fYear
    2007
  • fDate
    6-8 Dec. 2007
  • Firstpage
    97
  • Lastpage
    101
  • Abstract
    The aim of this paper is to present a new tool, the Page-file Collection Tool (PCT), which can be used to obtain a pagefile from a live Windows-based system. It is a known fact that the pagefile on a live system is protected by the operating system, which uses it for virtual memory. By using the NTFS filesystem specifications we were able to reconstruct the full pagefile, which a forensics expert can then carve for further valuable information in the field of memory analysis.
  • Keywords
    file organisation; operating systems (computers); program diagnostics; user interfaces; NTFS filesystem specifications; Page-file Collection Tool; Windows pagefile collection; live Windows based system; live forensics context; memory analysis field; operating system; virtual memory; Automation; Data mining; Forensics; Hardware; Information analysis; Information security; Operating systems; Protection; Random access memory; Upper bound;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Future Generation Communication and Networking (FGCN 2007)
  • Conference_Location
    Jeju
  • Print_ISBN
    0-7695-3048-6
  • Type
    conf

  • DOI
    10.1109/FGCN.2007.236
  • Filename
    4426211