Title :
Exploratory study on memory analysis of Windows CE device
Author :
Shumian Yang ; Lianhai Wang ; Shuhui Zhang
Author_Institution :
Shandong Provincial Key Lab. of Comput. Network, Jinan, China
Abstract :
In the field of forensic analysis, Windows CE devices are a real issue for an IT security expert. Memory acquisition and analysis carry significant weight in Windows CE device forensics. The paper introduces physical memory acquisition and analysis methods for the different versions of the Windows environment, and the importance and procedure of memory analysis, which differs for Windows CE devices. We tentatively develop Windows CE device memory analysis tools based on the idea of computer memory analysis and put forward a physical memory analysis method for Windows CE devices. This paper analyzes the in-memory structures which represent the processes currently running on the system, threads, mail client username and landed site. The method is verified on the Windows Mobile 6.5 operating system and proved reliable and efficient.
Keywords :
digital forensics; mobile computing; operating systems (computers); storage management; IT security expert; Windows CE device; Windows Mobile 6.5 operating system; computer memory analysis; forensic analysis; in-memory structures; landed site; mail client username; memory analysis; physical memory acquisition; physical memory analysis methods; Computers; Forensics; Instruction sets; Kernel; Mobile handsets; Random access memory; Windows CE device; digital forensics; memory analysis; mobile forensics;
Conference_Title :
Intelligent Control and Information Processing (ICICIP), 2013 Fourth International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4673-6248-1
DOI :
10.1109/ICICIP.2013.6568120