Persistent systems techniques in forensic acquisition of memory

Huebner, Ewa; Bem, Derek; Henskens, Frans; Wallis, Mark

Title: Persistent systems techniques in forensic acquisition of memory
Creator: Huebner, Ewa; Bem, Derek; Henskens, Frans; Wallis, Mark
Relation: Digital Investigation Vol. 4, Issue 3-4, p. 129-137
Publisher Link: http://dx.doi.org/10.1016/j.diin.2008.02.001
Publisher: Elsevier Advanced Technology
Resource Type: journal article
Date: 2007
Description: In this paper we discuss how operating system design and implementation influence the methodology for computer forensics investigations, with the focus on forensic acquisition of memory. In theory the operating system could support such investigations both in terms of tools for analysis of data and by making the system data readily accessible for analysis. Conventional operating systems such as Windows and UNIX derivatives offer some memory-related tools that are geared towards the analysis of system crashes, rather than forensic investigations. In this paper we demonstrate how techniques developed for persistent operating systems, where lifetime of data is independent of the method of its creation and storage, could support computer forensics investigations delivering higher efficiency and accuracy. It is proposed that some of the features offered by persistent systems could be built into conventional operating systems to make illicit activities easier to identify and analyse. We further propose a new technique for forensically sound acquisition of memory based on the persistence paradigm.
Subject: persistent operating systems; memory persistence; computer forensics; memory forensics; memory acquisition
Identifier: http://hdl.handle.net/1959.13/33147
Identifier: uon:3127
Identifier: ISSN:1742-2876
Language: eng
Full Text
Reviewed

Hits: 3287
Visitors: 4398
Downloads: 1229

		Thumbnail	File	Description	Size	Format
View Details Download			ATTACHMENT01	Author final version	95 KB	Adobe Acrobat PDF	View Details Download