Recovery of Skype Application Activity Data from Physical Memory
| Autor: | Matthew Simon, Jill Slay |
|---|---|
| Přispěvatelé: | Simon, Matthew, Slay, Jill, 2010 International Conference on Availability, Reliability and Security ARES 2010 Krakow, Poland 15-18 February 2010 |
| Rok vydání: | 2010 |
| Předmět: |
Multimedia
business.industry Computer science digital evidence Digital forensics electronic evidence volatile memory forensics Computer forensics Encryption computer.software_genre World Wide Web Digital evidence Information and Communications Technology computer forensics The Internet digital investigation Set (psychology) business computer RAM forensics Meaning (linguistics) |
| Zdroj: | ARES |
| DOI: | 10.1109/ares.2010.73 |
| Popis: | The use of Internet based communication technologies has become more prevalent in recent years. Technologies such as Skype provide a highly secure and decentralised method of communication. These technologies may also leave little evidence on static media causing conventional digital forensic processes to be ineffective. This research looks at exploiting physical memory to recover evidence from Internet based communication technologies where conventional methods cannot. The paper first proposes a set of generic target artefacts that defines information that may be targeted for recovery and the meaning that can be inferred from this. A controlled test was then undertaken where Skype was executed and the memory from the target machine collected. The analysis showed that it is feasible to recover the target data as applied to Skype, which would not be otherwise available. As this is the first set of tests of a series, the future direction is also discussed. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|