Enhancement of Forensic Computing Investigations through Memory Forensic Techniques
Author: | Matthew Simon, Jill Slay |
---|---|
Contributors: | Simon, Matthew, Slay, Jill, 2009 International Conference on Availability, Reliability and Security ARES 2009 Fukuoka, Japan 16-19 March 2009 |
Year of publication: | 2009 |
Subject: | business.industry Computer science digital evidence electronic evidence Context (language use) Cryptography volatile memory forensics Computer forensics Data science Memory forensics Forensic science World Wide Web Software Digital evidence computer forensics Key (cryptography) business digital investigation RAM forensics |
Source: | ARES |
DOI: | 10.1109/ares.2009.119 |
Description: | The use of memory forensic techniques has the potential to enhance computer forensic investigations. The analysis of digital evidence is facing several key challenges: an increase in electronic devices, network connections and bandwidth, the use of anti-forensic technologies and the development of network centric applications and technologies has led to less potential evidence stored on static media and increased amounts of data stored off-system. Memory forensic techniques have the potential to overcome these issues in forensic analysis. While much of the current research in memory forensics has been focused on low-level data, there is a need for research to extract high-level data from physical memory as a means of providing forensic investigators with greater insight into a target system. This paper outlines the need for further research into memory forensic techniques. In particular it stresses the need for methods and techniques for understanding context on a system and also as a means of augmenting other data sources to provide a more complete and efficient searching of investigations. Refereed/Peer-reviewed |
Database: | OpenAIRE |