Volatile Memory Investigator

Year of publication: 1395
Document type: Conference paper
Language: English

The file of this paper is available as a 5-page PDF.

National scientific document ID:

ICTCK03_057

Indexing date: 10 Tir 1396

Abstract:

While static examination of computer systems is an important part of many digital forensics investigations, there are often important system properties present only in volatile memory that cannot be effectively recovered using static analysis techniques, such as offline hard disk acquisition and analysis. An alternative approach, involving the live analysis of target systems to uncover this volatile data, presents significant risks and challenges to forensic investigators. Memory is the most important part of conducting an investigation in a forensically sound manner. The volatile information is the most important part of the computer for conducting a digital investigation, as it contains a lot of information from any currently active user. The acquisition of volatile memory from a compromised computer is difficult to perform reliably because the acquisition procedure should not rely on untrusted code, such as the operating system or applications executing on top of it. This paper will compare different memory investigation tools and present a procedure for acquiring volatile memory. Finally, it analyses which tool is suitable for retrieving different kinds of information from memory.

Keywords:

Physical Memory, Volatile Memory, Non-Volatile Memory, Memory Forensics

Authors

Maryam Shahpasand

Dept. Network, Security and Forensic, Asia Pacific University of Technology & Innovation (APU), Kuala Lumpur, Malaysia

Sheroline Estephen

Dept. Network, Security and Forensic, Asia Pacific University of Technology & Innovation (APU), Kuala Lumpur, Malaysia
