By Topic

Evaluating the Effect of Loading Forensic Tools on the Volatile Memory for Digital Evidences

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Zhen Su ; Shandong Comput. Sci. Center, Shandong Polytech. Univ., Jinan, China ; Lian Hai Wang

The digital data collected in current live forensics is always suspected in terms of integrity and fidelity when viewed as evidence. In this work, trustworthiness of evidence obtained from physical memory image is studied. The trustworthiness of evidence in physical memory image can be addressed as how closely the memory image accurately or truthfully represents the real memory of the target machine. Firstly, based on a physical memory analysis model, the effect of memory acquisition tool on live forensic evidence is analyzed. Then, two aspects are analyzed to evaluate the extent of memory change. A formula using probability theory and mathematical statistics is given to quantitatively calculate the degree of memory change. At last, through the experimental analyses, the influences of key traces are analyzed, and the trusted probability of the live forensics tool is assessed and calculated.

Published in:

Computational Intelligence and Security (CIS), 2011 Seventh International Conference on

Date of Conference:

3-4 Dec. 2011