(Department of Digital Forensic CyberSecurity Malaysia, Department of Computer Information Science Universiti Teknologi Petronas, Department of Research CyberSecurity Malaysia)
Keywords: Information Forensic, Digital Forensic, Algorithms, Memory Analysis, Signature Search
Research on computer memory analysis has been quite intensive in recent years. A number of tools and techniques have been designed and developed to retrieve critical information from computer memory. However, most of these tools and techniques are limited in their ability to retrieve important information. Hence, the present study proposes an alternative approach that combines process signature search with page table tracking in order to trace all objects linked to the process block. The experimental results show that the new approach is able to retrieve a large number of objects linked to the process block. A comparison with previous studies is conducted to test the efficiency of the new approach.