Holistic Approach for Memory Analysis in Windows System

by K. A. Z. Ariffin,A.K Mahmood,J. Jaafar,S. Shamsuddin
( Department of Digital Forensic CyberSecurity Malaysia, Department of Computer Information Science Universiti Teknologi Petronas, Department of Research CyberSecurity Malaysia )

Date Published: 02 Dec 2013
Published In: Information Systems International Conference (ISICO)
Volume: 2013
Publisher: Departemen Sistem Informasi, Institut Teknologi Sepuluh Nopember
Language: id-ID

Keywords: Information Forensic,Digital Forensic,Algorithms,Memory Analysis,Signature Search

Abstract

Research on computer memory analysis has been quite intensive in the past years. A number of tools and techniques have been designed and developed to retrieve critical information from the computer memory. However, most of the tools and techniques have their limitation in the ability to retrieve important information. Hence, in the present study, an alternative approach is proposed to combine the process signature search with page table tracking in order to trace all objects that link with the process block. The result from the experiment shows that the new approach is able to retrieve a large number of objects that link with the process block. A good comparison with the previous studies is conducted as to test the efficiency of the new approach.


© 2019 Open Access Journal of Information Systems (OAJIS) | created by : radityo p.w (http://about.me/radityopw) and rully a.h (eraha99 [at] gmail.com)