On the identification of information extracted from Windows physical memory

Olajide, F (ORCID: https://orcid.org/0000-0003-1627-6637) and Savage, N, 2012. On the identification of information extracted from Windows physical memory. International Journal for Information Security Research, 2 (3), pp. 164-168. ISSN 2042-4639

1597901_Olajide.pdf - Published version


Abstract

Forensic investigation of the physical memory of computer systems is gaining the attention of experts in the digital forensics community. Forensic investigators find it helpful to seize and capture data from the physical memory and perform post-incident analysis when identifying potential evidence. However, there have been few investigations which have identified the quantity and quality of information that can be recovered from only the computer system memory (RAM) while the application is still running. In this paper, we present the results of investigations carried out to identify relevant information that has been extracted from the physical memory of computer systems running Windows XP. We found fragments of partial evidence from allocated memory segments. This evidence was dispersed in the physical memory that had been allocated to the application. The identification of this information is useful to forensic investigators as this approach can uncover what a user is doing on the application which can be used as evidence.

Item Type: Journal article
Publication Title: International Journal for Information Security Research
Creators: Olajide, F. and Savage, N.
Publisher: Infonomics Society
Date: 3 September 2012
Volume: 2
Number: 3
ISSN: 2042-4639
Identifiers:
DOI: 10.20533/ijisr.2042.4639.2012.0020
Other: 1597901
Divisions: Schools > School of Science and Technology
Record created by: Laura Ward
Date Added: 22 Sep 2022 13:24
Last Modified: 22 Sep 2022 13:24
URI: https://irep.ntu.ac.uk/id/eprint/47083
