Windows pagefile collection and analysis for a live forensics context

Proceedings of Future Generation Communication and Networking, FGCN 2007

Volumn 2, Issue , 2007, Pages 97-101

  Lee, Seokhee ^a   Savoldi, Antonio ^b   Lee, Sangjin ^a   Lim, Jongin ^a  

^a Korea University   (South Korea)

^b UNIVERSITY OF BRESCIA   (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

FILESYSTEM; LIVE FORENSICS; MEMORY ANALYSIS; VIRTUAL MEMORY; WINDOWS-BASED SYSTEMS;

COMPUTER FORENSICS;

EID: 52149113749     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/fgcn.2007.236     Document Type: Conference Paper

References (15)

1. B. Carrier. File System Forensic Analysis. Addison Wesley, 2005.
2. B. Carrier. Filesystem Foreniscs Analysis. Addison-Wesley, Inc., 2005.
3. H. Carvey. Windows Foreniscs Analysis DVD Toolkit. Addison-Wesley, Inc., 2005.
4. W. Chisum and B. Turvey. Evidence dynamics: Locard's exchange principle and crime reconstruction. Journal of Behavioral Profiling, 1, 2000.
5. K. Kendall and J. Kornblum. Foremost, 2001. Software available at: http://foremost.sourceforge.net/.
6. J. Kornblum. Using every part of the buffalo in windows memory analysis. Digital Investigation, 4:24-29, 2007.
7. S. Lee, H. Kim, S. Lee, and J. Lim. Digital evidence collection process in integrity and memory information gathering. In Proceedings of Systematic Approaches to Digital Forensic Engineering, First International Work-shop, Proc. IEEE, pages 236-247, 2005.
8. S. Lee, A. Savoldi, S. Lee, and J. Lim. Password recovery using an evidence collection tool and countermeasures. In to appear in Proceedings of Intelligent Information Hiding and Multimedia Signal Processing, Proc. IEEE, 2007.
9. K. Li and P. Hudak. Memory coherence in shared virtual memory system. In Transaction on Computer System, Proc. ACM, pages 321-359, 1989.
10. Microsoft. User Mode Process Dumper Version 8.1, 2007. Software available at: http://support.microsoft. com/kb/241215.
11. N. Petroni, A. Walters, T. Fraser, and W. Arbaugh. Fatkit: A framework for the extraction and analysis of digital forensic data from volatile system memory. Digital Investigation, 3:197-210, 2006.
12. S. Rekhis and N. Boudriga. Formal forensic investigation eluding disk-based anti-forensic attacks. In S. Verlag, editor, Workshop on Information Security Applications, LNCS Series, 2005.
13. G. Richard. Scalpel: A frugal, high performance file carver. In Proceedings of Digital Forensics Research Workshop, Proc. IEEE, 2005.
14. J. Rutkowska. Beyond The CPU: Defeating Hardware Based RAM Acquisition Tools (Part I: AMD case). Black Hat Conference DC, 2007.
15. A. Silberschatz and P. Galvin. Operating System Concepts. Syngress Publishing, Inc., 2007.