DocumentCode
3369959
Title
Research on Extracting System Logged-In Password Forensically from Windows Memory Image File
Author
Lijuan Xu ; Lianhai Wang
Author_Institution
Shandong Provincial Key Lab. of Comput. Network, Shandong Comput. Sci. Center, Jinan, China
fYear
2013
fDate
14-15 Dec. 2013
Firstpage
716
Lastpage
720
Abstract
Forensics analysis of physical memory is a key point in computer living forensics. Most of the research carried out focuses on enumerating processes and threads by accessing memory-resident objects. However, collecting case sensitive information from the extracted memory content is important and difficult in computer forensics. Password plaintext is one of the most concerning pieces of sensitive information to an investigator. The traditional methods to extract system logged-in password plaintext mainly rely on cracker tools, whose success rate depends on the password complexity. The important contribution of the paper is a new technique for extracting system logged-in password plaintext from physical memory. It allows extracting arbitrary length system logged-in password plaintext. The proposed method can extract system logged-in password plaintext of Windows XP and Windows 7.
Keywords
authorisation; digital forensics; file organisation; Windows 7; Windows XP; Windows memory image file; arbitrary length system logged-in password plaintext extraction; computer forensics analysis; password complexity; physical memory forensics analysis; system logged-in password extraction; Computers; Data mining; Digital forensics; Message systems; Operating systems; Security; computer forensics; logged-in password; memory analysis;
fLanguage
English
Publisher
ieee
Conference_Titel
Computational Intelligence and Security (CIS), 2013 9th International Conference on
Conference_Location
Leshan
Print_ISBN
978-1-4799-2548-3
Type
conf
DOI
10.1109/CIS.2013.156
Filename
6746524