The IRMA Community
Newsletters
Research IRM
Click a keyword to search titles using our InfoSci-OnDemand powered search:
|
Volatile Memory Collection and Analysis for Windows Mission-Critical Computer Systems
Abstract
Most enterprises rely on the continuity of service guaranteed by means of a computer system infrastructure, which can often be based on the Windows operating system family. For such a category of systems, which might be referred to as mission-critical for the relevance of the service supplied, it is indeed fundamental to be able to define which approach could be better to apply when a digital investigation needs to be performed. This is the very goal of this paper: the definition of a forensically sound methodology which can be used to collect the full state of the machine being investigated by avoiding service interruptions. It will be pointed out why the entire volatile memory dump, with the necessary extension which is nowadays missing, is required with the purpose of being able to gather much more evidential data, by illustrating also, at the same time, the limitation and disadvantages of current state of-the-art approaches in performing the collection phase.
Related Content
|
Shakir A. Mehdiyev, Tahmasib Kh. Fataliyev.
© 2024.
17 pages.
|
|
Fuhai Jia, Yanru Jia, Jing Li, Zhenghui Liu.
© 2024.
13 pages.
|
|
Dawei Zhang.
© 2024.
16 pages.
|
|
Yuwen Zhu, Lei Yu.
© 2023.
16 pages.
|
|
Vijay Kumar, Sahil Sharma, Chandan Kumar, Aditya Kumar Sahu.
© 2023.
14 pages.
|
|
Wenjun Yao, Ying Jiang, Yang Yang.
© 2023.
20 pages.
|
|
Dawei Zhang.
© 2023.
14 pages.
|
|
|