Conference Paper: Identifying volatile data from multiple memory dumps in live forensics
| Title | Identifying volatile data from multiple memory dumps in live forensics |
|---|---|
| Authors | Law, F Chan, P Yiu, SM Tang, B Lai, P Chow, KP Ieong, R Kwan, M Hon, WK1 Hui, L |
| Keywords | Live Forensics Memory Analysis Volatile Data |
| Issue Date | 2010 |
| Citation | Ifip Advances In Information And Communication Technology, 2010, v. 337 AICT, p. 185-194 [How to Cite?] DOI: http://dx.doi.org/10.1007/978-3-642-15506-2_13 |
| Abstract | One of the core components of live forensics is to collect and analyze volatile memory data. Since the dynamic analysis of memory is not possible, most live forensic approaches focus on analyzing a single snapshot of a memory dump. Analyzing a single memory dump raises questions about evidence reliability; consequently, a natural extension is to study data from multiple memory dumps. Also important is the need to differentiate static data from dynamic data in the memory dumps; this enables investigators to link evidence based on memory structures and to determine if the evidence is found in a consistent area or a dynamic memory buffer, providing greater confidence in the reliability of the evidence. This paper proposes an indexing data structure for analyzing pages from multiple memory dumps in order to identify static and dynamic pages. © 2010 International Federation for Information Processing. |
| ISSN | 1868-4238 2011 SCImago Journal Rankings: 0.028 |
| DOI | http://dx.doi.org/10.1007/978-3-642-15506-2_13 |
| References | References in Scopus |
| dc.contributor.author | Law, F |
|---|---|
| dc.contributor.author | Chan, P |
| dc.contributor.author | Yiu, SM |
| dc.contributor.author | Tang, B |
| dc.contributor.author | Lai, P |
| dc.contributor.author | Chow, KP |
| dc.contributor.author | Ieong, R |
| dc.contributor.author | Kwan, M |
| dc.contributor.author | Hon, WK |
| dc.contributor.author | Hui, L |
| dc.date.accessioned | 2012-06-26T06:32:10Z |
| dc.date.available | 2012-06-26T06:32:10Z |
| dc.date.issued | 2010 |
| dc.description.abstract | One of the core components of live forensics is to collect and analyze volatile memory data. Since the dynamic analysis of memory is not possible, most live forensic approaches focus on analyzing a single snapshot of a memory dump. Analyzing a single memory dump raises questions about evidence reliability; consequently, a natural extension is to study data from multiple memory dumps. Also important is the need to differentiate static data from dynamic data in the memory dumps; this enables investigators to link evidence based on memory structures and to determine if the evidence is found in a consistent area or a dynamic memory buffer, providing greater confidence in the reliability of the evidence. This paper proposes an indexing data structure for analyzing pages from multiple memory dumps in order to identify static and dynamic pages. © 2010 International Federation for Information Processing. |
| dc.description.nature | Link_to_subscribed_fulltext |
| dc.identifier.citation | Ifip Advances In Information And Communication Technology, 2010, v. 337 AICT, p. 185-194 [How to Cite?] DOI: http://dx.doi.org/10.1007/978-3-642-15506-2_13 |
| dc.identifier.doi | http://dx.doi.org/10.1007/978-3-642-15506-2_13 |
| dc.identifier.epage | 194 |
| dc.identifier.issn | 1868-4238 2011 SCImago Journal Rankings: 0.028 |
| dc.identifier.scopus | eid_2-s2.0-78651108753 |
| dc.identifier.spage | 185 |
| dc.identifier.uri | http://hdl.handle.net/10722/151988 |
| dc.identifier.volume | 337 AICT |
| dc.language | eng |
| dc.relation.ispartof | IFIP Advances in Information and Communication Technology |
| dc.relation.references | References in Scopus |
| dc.subject | Live Forensics |
| dc.subject | Memory Analysis |
| dc.subject | Volatile Data |
| dc.title | Identifying volatile data from multiple memory dumps in live forensics |
| dc.type | Conference_Paper |
Author Affiliations
- National Tsing Hua University