Analysing and Carving MS Word and PDF Files from RAM Images on Windows
| Autor: | Kubilay Taşdelen, Ahmet Ali Süzen |
|---|---|
| Jazyk: | angličtina |
| Rok vydání: | 2022 |
| Předmět: | |
| Zdroj: | Tehnički Vjesnik, Vol 29, Iss 5, Pp 1714-1720 (2022) |
| Druh dokumentu: | article |
| ISSN: | 1330-3651 1848-6339 |
| DOI: | 10.17559/TV-20210218122046 |
| Popis: | In this study, a piece of software has been developed to recover the readable data by carving MS Word and PDF files from the RAM image. String searching, signature scanning, and data carving methods are used in the design of the software. The analysis was performed on a RAM image of 14 GB by using the software that was developed. The success rate for each file was determined by comparing the recovered data to the data in the original file. It was determined that the rate of data recovery decreases as the size of the MS Word or PDF files loaded onto RAM increases. Consequently, it is aimed to be an important example of obtaining electronic evidence from volatile data in forensic informatics with the proposed study. |
| Databáze: | Directory of Open Access Journals |
| Externí odkaz: |
|