A Survey of Main Memory Acquisition and Analysis Techniques for the Windows Operating System

Journal article
(Original article)


Publication Details

Authors: Vömel S, Freiling F
Journal: Digital Investigation
Publisher: Elsevier
Year of publication: 2011
Volume: 8
Issue: 1
Pages: 3-22
ISSN: 1742-2876
eISSN: 1873-202X


Abstract

Traditional, persistent data-oriented approaches in computer forensics face some limitations regarding a number of technological developments, e.g., rapidly increasing storage capabilities of hard drives, memory-resident malicious software applications, or the growing use of encryption routines, that make an in-time investigation more and more difficult. In order to cope with these issues, security professionals have started to examine alternative data sources and emphasize the value of volatile system information in RAM more recently. In this paper, we give an overview of the prevailing techniques and methods to collect and analyze a computer's memory. We describe the characteristics, benefits, and drawbacks of the individual solutions and outline opportunities for future research in this evolving field of IT security. © 2011 Elsevier Ltd. All rights reserved.


FAU Authors / FAU Editors

Freiling, Felix Prof. Dr.-Ing.
Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)
Vömel, Stefan
Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)


How to cite

APA:
Vömel, S., & Freiling, F. (2011). A Survey of Main Memory Acquisition and Analysis Techniques for the Windows Operating System. Digital Investigation, 8(1), 3-22. https://dx.doi.org/10.1016/j.diin.2011.06.002

MLA:
Vömel, Stefan, and Felix Freiling. "A Survey of Main Memory Acquisition and Analysis Techniques for the Windows Operating System." Digital Investigation 8.1 (2011): 3-22.

Last updated on 2019-28-07 at 07:14