Digital forensic research — The analysis of user input on volatile memory of Windows application

Author

Olajide, Funminiyi ; Savage, Nick ; Akmayeva, Galyna ; Shoniregun, Charles

Author_Institution

Sch. of Eng., Univ. of Portsmouth, Portsmouth, UK

fYear

2012

fDate

10-12 June 2012

Firstpage

231

Lastpage

238

Abstract

This paper presents digital forensics analysis of user input on volatile memory of Windows applications. Identification of user input activities on Windows applications has become vital in forensic digital investigation. The extraction of user input information from physical memory may reveal useful information that could be used as evidence in crime cases; the information that may not be found on traditional hard disk forensic investigations. Digital forensic community feels the urge for the development of tools and techniques in volatile memory analysis. However, there have been few investigations into the amount of information that can be recovered from the application memory. This research reports the amount of evidence stored over time in Windows physical memory including, the quantitative and qualitative results of the experiments carried out on some commonly used Windows applications.

Keywords

computer forensics; operating systems (computers); Windows application; Windows physical memory; digital forensic community; digital forensic research; forensic digital investigation; hard disk forensic investigations; user input analysis; volatile memory; Computers; Data mining; Electronic mail; Forensics; Internet; Memory management; Random access memory; Digital; Windows; analysis; applications; forensic; memory; physical; user;

fLanguage

English

Publisher

ieee

Conference_Titel

Internet Security (WorldCIS), 2012 World Congress on

Conference_Location

Guelph, ON

Print_ISBN

978-1-4673-1108-3

Type

conf

Filename

6280184