
Conference Paper: Consistency Issue on Live Systems Forensics

Title: Consistency Issue on Live Systems Forensics
Authors: Law, FYW; Chow, KP; Kwan, MYK; Lai, PKY
Issue Date: 2007
Citation: Proceedings Of Future Generation Communication And Networking, Fgcn 2007, 2007, v. 2, p. 136-140
Abstract: Volatile data, being vital to digital investigation, have become part of the standard items targeted in the course of live response to a computer system. In traditional computer forensics where investigation is carried out on a dead system (e.g. hard disk), data integrity is the first and foremost issue for digital evidence validity in court. In the context of live system forensics, volatile data are acquired from a running system. Due to the ever-changing and volatile nature, it is impossible to verify the integrity of volatile data. Let alone the integrity issue, a more critical problem - data consistency, is present at the data collected on a live system. In this paper, we address and study the consistency issue on live systems forensics. By examining the memory data on a Unix system, we outline a model to distinguish integral data from inconsistent data in a memory dump.
Persistent Identifier: http://hdl.handle.net/10722/151926
ISBN: 0-7695-3048-6
ISSN: 2153-1447

 

DC Field | Value | Language
dc.contributor.author | Law, FYW | en_US
dc.contributor.author | Chow, KP | en_US
dc.contributor.author | Kwan, MYK | en_US
dc.contributor.author | Lai, PKY | en_US
dc.date.accessioned | 2012-06-26T06:30:56Z | -
dc.date.available | 2012-06-26T06:30:56Z | -
dc.date.issued | 2007 | en_US
dc.identifier.citation | Proceedings Of Future Generation Communication And Networking, Fgcn 2007, 2007, v. 2, p. 136-140 | en_US
dc.identifier.isbn | 0-7695-3048-6 | -
dc.identifier.issn | 2153-1447 | -
dc.identifier.uri | http://hdl.handle.net/10722/151926 | -
dc.language | eng | en_US
dc.relation.ispartof | Proceedings of Future Generation Communication and Networking, FGCN 2007 | en_US
dc.title | Consistency Issue on Live Systems Forensics | en_US
dc.type | Conference_Paper | en_US
dc.identifier.email | Chow, KP:chow@cs.hku.hk | en_US
dc.identifier.authority | Chow, KP=rp00111 | en_US
dc.description.nature | link_to_subscribed_fulltext | en_US
dc.identifier.doi | 10.1109/FGCN.2007.93 | -
dc.identifier.scopus | eid_2-s2.0-52249105372 | en_US
dc.identifier.hkuros | 152348 | -
dc.relation.references | http://www.scopus.com/mlt/select.url?eid=2-s2.0-52249105372&selection=ref&src=s&origin=recordpage | en_US
dc.identifier.volume | 2 | en_US
dc.identifier.spage | 136 | en_US
dc.identifier.epage | 140 | en_US
dc.identifier.scopusauthorid | Law, FYW=19640490000 | en_US
dc.identifier.scopusauthorid | Chow, KP=7202180751 | en_US
dc.identifier.scopusauthorid | Kwan, MYK=19640239200 | en_US
dc.identifier.scopusauthorid | Lai, PKY=19640260600 | en_US
dc.identifier.issnl | 2153-1447 | -
