Forensic extraction of user information in continuous block of evidence

Tools

Olajide, F. ORCID: 0000-0003-1627-6637 and Savage, N., 2011. Forensic extraction of user information in continuous block of evidence. In: Proceedings of the International Conference on Information Society (i-Society 2011). Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE), pp. 476-481. ISBN 9781612841489

Preview

Text
1597809_Olajide.pdf - Published version
Download (3MB) | Preview

Official URL: https://doi.org/10.1109/i-Society18435.2011.597850...

Abstract

Extraction of user information in the physical memory of Windows application is vital in today's digital investigation. Digital forensic community feels the urge for the development of tools and techniques in volatile memory analysis. However, there have been few investigations into the amount of relevant information that can be recovered from the application memory. In this research, we present the quantitative and qualitative results of experiments carried out on Windows applications. In conducting this research; we have identified the most commonly used applications on Windows systems, designed a methodology to capture data and processed that data. This research report the amount of evidence that was stored over time and recovered in continuous block of evidence in the physical memory.

Item Type:

Chapter in book

Description:

Paper presented at the International Conference on Information Society (i-Society 2011), London, 27-29 June 2011.

Creators:

Olajide, F. and Savage, N.

Publisher:

Institute of Electrical and Electronics Engineers (IEEE)

Place of Publication:

Piscataway, NJ

Date:

2011