Identifying and finding forensic evidence from Windows application

Tools

Olajide, F. ORCID: 0000-0003-1627-6637, Savage, N., Akmayeva, G. and Shoniregun, C., 2012. Identifying and finding forensic evidence from Windows application. Journal of Internet Technology and Secured Transactions, 1 (4), pp. 117-122. ISSN 2046-3723

Preview

Text
1597830_Olajide.pdf - Published version
Download (1MB) | Preview

Official URL: https://doi.org/10.20533/jitst.2046.3723.2012.0016

Abstract

This paper presents the method of identifying and finding forensic evidence from the volatile memory of Windows computer systems. This is a scenario-based investigation on what amount of user input can be recovered when application is opened and images are captured at set interval while Windows system is still actively running. This approach of digital investigation revealed the extracted evidence of user input stored and as dispersed on the application memory of Windows system. In this experiment, the result shows a coherent view of user input on some commonly used applications with over 39% of user input stored on MS Access and 44% was stored on Excel. The quantitative assessment of user input will be presented on the basis of the repeated number of user input recovered, the percentage of user input found and the length of evidence found in a continuous block of the application memory.

Item Type:

Journal article

Publication Title:

Journal of Internet Technology and Secured Transactions

Creators:

Olajide, F., Savage, N., Akmayeva, G. and Shoniregun, C.

Publisher:

Infonomics Society

Date:

5 December 2012

Volume:

Number: