Title :
Evaluating the Effect of Loading Forensic Tools on the Volatile Memory for Digital Evidences
Author :
Su, Zhen ; Wang, Lianhai
Author_Institution :
Shandong Comput. Sci. Center, Shandong Polytech. Univ., Jinan, China
Abstract :
The digital data collected in current live forensics is always suspect in terms of integrity and fidelity when viewed as evidence. In this work, the trustworthiness of evidence obtained from a physical memory image is studied. The trustworthiness of evidence in a physical memory image can be framed as how accurately or truthfully the memory image represents the real memory of the target machine. First, based on a physical memory analysis model, the effect of the memory acquisition tool on live forensic evidence is analyzed. Then, two aspects are analyzed to evaluate the extent of memory change. A formula using probability theory and mathematical statistics is given to quantitatively calculate the degree of memory change. Finally, through experimental analyses, the influences of key traces are analyzed, and the trusted probability of the live forensics tool is assessed and calculated.
Keywords :
computer forensics; probability; statistical analysis; digital data; digital evidence; forensic tool; live forensic evidence; mathematical statistics; memory acquisition tool; memory change; physical memory analysis; physical memory image; probability theory; trusted probability; trustworthiness; volatile memory; Computers; Digital forensics; Measurement uncertainty; Software; Uncertainty; computer forensics; live forensics; trusted probability; volatile memory;
Conference_Title :
Computational Intelligence and Security (CIS), 2011 Seventh International Conference on
Conference_Location :
Hainan
Print_ISBN :
978-1-4577-2008-6
DOI :
10.1109/CIS.2011.181