DocumentCode :
3369959
Title :
Research on Extracting System Logged-In Password Forensically from Windows Memory Image File
Author :
Lijuan Xu ; Lianhai Wang
Author_Institution :
Shandong Provincial Key Lab. of Comput. Network, Shandong Comput. Sci. Center, Jinan, China
fYear :
2013
fDate :
14-15 Dec. 2013
Firstpage :
716
Lastpage :
720
Abstract :
Forensics analysis of physical memory is a key point in computer living forensics. Most of the research carried out focuses on enumerating processes and threads by accessing memory resident objects. However, collecting case sensitive information from the extracted memory content is important and difficult in computer forensics. Password plaintext is one of the most concerning sensitive information to an investigator. The traditional methods to extract system logged-in password plaintext mainly rely on cracker tools, whose success rate depends on the password complexity. The important contribution of the paper is a new technique for extracting system logged-in password plaintext from physical memory. It allows extracting arbitrary length system logged-in password plaintext. The proposed method can extract system logged-in password plaintext of Windows XP and Windows 7.
Keywords :
authorisation; digital forensics; file organisation; Windows 7; Windows XP; Windows memory image file; arbitrary length system logged-in password plaintext extraction; computer forensics analysis; password complexity; physical memory forensics analysis; system logged-in password extraction; Computers; Data mining; Digital forensics; Message systems; Operating systems; Security; computer forensics; logged-in password; memory analysis;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computational Intelligence and Security (CIS), 2013 9th International Conference on
Conference_Location :
Leshan
Print_ISBN :
978-1-4799-2548-3
Type :
conf
DOI :
10.1109/CIS.2013.156
Filename :
6746524