DocumentCode :
1753890
Title :
On the extraction of forensically relevant information from physical memory
Author :
Olajide, Funminiyi ; Savage, Nick
Author_Institution :
Dept. of Electron. & Comput. Eng., Univ. of Portsmouth, Portsmouth, UK
fYear :
2011
fDate :
21-23 Feb. 2011
Firstpage :
248
Lastpage :
252
Abstract :
Most of the effort in today's digital investigations centres on the data collection and analysis of existing information from the hard disks of computer systems. Little has been done on the level of information that can be recovered from only the computer system memory (RAM) while the application is still running. In this paper, we present the results of an investigation into the extraction of forensically relevant information from physical memory. We also present our findings of the most commonly used applications on a Windows system. The information extracted from physical memory relates to what the user was doing at the time of the capture, and before the capture, of the physical memory evidence.
Keywords :
computer forensics; operating systems (computers); random-access storage; Windows system; data analysis; data collection; digital investigation; information extraction; information forensics; random access memory; Computers; Data mining; Digital forensics; Memory management; Object recognition; Random access memory;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Internet Security (WorldCIS), 2011 World Congress on
Conference_Location :
London
Print_ISBN :
978-1-4244-8879-7
Electronic_ISBN :
978-0-9564263-7-6
Type :
conf
Filename :
5749861