Olajide, F ORCID: https://orcid.org/0000-0003-1627-6637 and Savage, N, 2012. On the identification of information extracted from Windows physical memory. International Journal for Information Security Research, 2 (3), pp. 164-168. ISSN 2042-4639
Preview |
Text
1597901_Olajide.pdf - Published version Download (1MB) | Preview |
Abstract
Forensic investigation of the physical memory of computer systems is gaining the attention of experts in the digital forensics community. Forensic investigators find it helpful to seize and capture data from the physical memory and perform post-incident analysis when identifying potential evidence. However, there have been few investigations which have identified the quantity and quality of information that can be recovered from only the computer system memory (RAM) while the application is still running. In this paper, we present the results of investigations carried out to identify relevant information that has been extracted from the physical memory of computer systems running Windows XP. We found fragments of partial evidence from allocated memory segments. This evidence was dispersed in the physical memory that had been allocated to the application. The identification of this information is useful to forensic investigators as this approach can uncover what a user is doing on the application which can be used as evidence.
Item Type: | Journal article |
---|---|
Publication Title: | International Journal for Information Security Research |
Creators: | Olajide, F. and Savage, N. |
Publisher: | Infonomics Society |
Date: | 3 September 2012 |
Volume: | 2 |
Number: | 3 |
ISSN: | 2042-4639 |
Identifiers: | Number Type 10.20533/ijisr.2042.4639.2012.0020 DOI 1597901 Other |
Divisions: | Schools > School of Science and Technology |
Record created by: | Laura Ward |
Date Added: | 22 Sep 2022 13:24 |
Last Modified: | 22 Sep 2022 13:24 |
Related URLs: | |
URI: | https://irep.ntu.ac.uk/id/eprint/47083 |
Actions (login required)
Edit View |
Statistics
Views
Views per month over past year
Downloads
Downloads per month over past year