http://dx.doi.org/10.13089/JKIISC.2006.16.1.87

A Study of Memory Information Collection and Analysis in a view of Digital Forensic in Window System

Lee Seok-Hee (Center for Information Security Technologies, Korea University)
Kim Hyun-Sang (Center for Information Security Technologies, Korea University)
Lim JongIn (Center for Information Security Technologies, Korea University)
Lee SangJin (Center for Information Security Technologies, Korea University)
Abstract
In this paper we examine the general digital evidence collection process laid out in RFC 3227 [1] and define specific steps for collecting memory information. We add a memory dump step to the existing digital evidence collection process and examine what private information can be recovered by dumping real users' memory and by collecting the pagefile, which is part of the virtual memory system. In particular, we found sensitive data such as passwords and user IDs in half of the pagefiles examined. We also propose analysis techniques and a computer forensic process for memory information and virtual memory.
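The pagefile analysis the abstract describes amounts to extracting printable strings from a pagefile or memory dump and then searching them for user IDs and passwords. The following Python script is an added example of that technique and is not code from the paper: the sample bytes are constructed here (not a real pagefile), and the credential patterns are an assumed heuristic rather than the authors' method. It extracts both ASCII and UTF-16LE runs, since Windows user-mode memory holds both, which a plain ASCII search would miss.

```python
import re
from typing import Iterator, List, Tuple

# Constructed sample "pagefile" content (NOT a real dump): ASCII and UTF-16LE
# fragments interleaved with binary filler, the way pagefile.sys looks in practice.
SAMPLE_PAGEFILE = (
    b"\x00\x10\xff\x80" * 8                                          # binary filler
    + b"GET /login.cgi?userid=alice&password=Wint3r%212 HTTP/1.1\r\n"  # ASCII web request
    + b"\x00\x00\x90\x90\x90\x90"                                    # filler
    + "Password: s3cret-Xz".encode("utf-16-le")                      # UTF-16LE dialog text
    + b"\xde\xad\xbe\xef" * 4                                        # filler
    + b"Content-Type: text/html\r\n"                                 # ASCII, no credentials
    + "username=bob".encode("utf-16-le")                             # UTF-16LE form field
    + b"\x00" * 16
)

MIN_LEN = 6  # shortest run worth reporting, same idea as the -n switch of strings tools


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> Iterator[Tuple[int, str, str]]:
    """Yield (byte offset, encoding, text) for every printable run in `data`.

    ASCII runs are contiguous bytes 0x20-0x7e; UTF-16LE runs are the same
    characters each followed by a NUL byte. Runs shorter than `min_len` are skipped.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_re.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in utf16_re.finditer(data):
        yield m.start(), "utf-16-le", m.group().decode("utf-16-le")


# Assumed indicator pattern (my heuristic, not from the paper): a credential-like
# field name followed by '=' or ':' and a value that runs to whitespace or '&'.
CREDENTIAL_RE = re.compile(r"(?i)\b(user(?:id|name)?|pass(?:word|wd)?|pwd)\s*[=:]\s*([^\s&]+)")


def find_credentials(data: bytes) -> List[dict]:
    """Run the credential heuristic over every extracted string; return hits sorted by offset."""
    hits = []
    for offset, enc, text in extract_strings(data):
        width = 2 if enc == "utf-16-le" else 1  # bytes per character in the dump
        for m in CREDENTIAL_RE.finditer(text):
            hits.append({
                "offset": offset + m.start() * width,
                "encoding": enc,
                "field": m.group(1).lower(),
                "value": m.group(2),
            })
    hits.sort(key=lambda h: h["offset"])
    return hits


if __name__ == "__main__":
    # Replace SAMPLE_PAGEFILE with open("pagefile.sys", "rb").read() (from a collected copy,
    # never the live file) to run this over a real artifact.
    for h in find_credentials(SAMPLE_PAGEFILE):
        print("0x%08x %-9s %s=%s" % (h["offset"], h["encoding"], h["field"], h["value"]))
```

Against the sample it reports four hits: two from the ASCII HTTP request, and one each from the two UTF-16LE fragments. The `Content-Type:` line is extracted as a string but produces no hit, which is the point of the second pass: string extraction alone yields far too much to read, so a targeted pattern search over the extracted strings is what turns a dump into evidence.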
Keywords
Computer Forensics; Virtual Memory; Pagefile
Times cited by KSCI: 3
References
1 Kyle Rankin, 'Knoppix Hacks', O'Reilly, 2005, pp. 256-263.
2 Microsoft Support Tools, http://download.microsoft.com/download/win2000srv/Utility/3.0/NT45/EN-US/Oem3sr2.zip
3 Virtual Memory, http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci213300,00.html
4 황현욱, 김민수, 노봉남, 임재명, 'Computer Forensics: Trends and Techniques in System Forensics', Review of KIISC, August 2003.
5 박종성, 최운호, 문종섭, 손태식, 'Definition of Network Forensic Information in an Automated Incident Response System', Journal of KIISC, August 2004.
6 Chris Prosise, Kevin Mandia, 'Incident Response & Computer Forensics', Second Edition, McGraw-Hill, 2003, pp. 114-115.
7 이형우, 이상진, 임종인, 'Computer Forensics Technology', Review of KIISC, October 2002.
8 RFC 3875, 'The Common Gateway Interface (CGI) Version 1.1', http://www.faqs.org/rfcs/rfc3875.html, 2004.
9 File Monitor, Sysinternals, http://www.sysinternals.com/ntw2k/source/filemon.shtml
10 Douglas Schweitzer, 'Incident Response: Computer Forensics Toolkit', Wiley Publishing Inc., 2003, pp. 121-123.
11 ACPO (Association of Chief Police Officers), 'Good Practice Guide for Computer based Electronic Evidence', Version 3, p. 11, http://www.acpo.police.uk/asp/policies/policieslist.asp
12 이하영, 김현상, 최운호, 이상진, 임종인, 'An Initial Reporting System for Computer Forensics Suited to the Korean Environment', Review of KIISC, February 2005.
13 RFC 3227, 'Guidelines for Evidence Collection and Archiving', http://www.faqs.org/rfcs/rfc3227.html, 2002.
14 A. Silberschatz, P. Galvin, 'Operating System Concepts', Fifth Edition, John Wiley & Sons, Inc., 1998.
15 김정민, 박종성, 허재성, 이상진, 'A Study on Privacy Protection Using Anti-Forensic Techniques', Proceedings of the KIISC Summer Conference, Vol. 14, No. 1, pp. 159-160, June 2004.
16 Chris Prosise, Kevin Mandia, 'Incident Response & Computer Forensics', Second Edition, McGraw-Hill, 2003, pp. 315-316.
17 Strings, Sysinternals, http://www.sysinternals.com/Utilities/Strings.html