文章基本信息

标题：Windows Volatile Memory Forensics Based on Correlation Analysis
本地全文：下载
作者：Zhang, Xiaolu ; Hu, Liang ; Song, Shinan 等
期刊名称：Journal of Networks
印刷版ISSN：1796-2056
出版年度：2014
卷号：9
期号：3
页码：645-652
DOI：10.4304/jnw.9.3.645-652
语种：English
出版社：Academy Publisher
摘要：In this paper, we present an integrated memory forensic solution for multiple Windows memory images. By calculation, the method can find out the correlation degree among the processes of volatile memory images and the hidden clues behind the events of computers, which is usually difficult to be obtained and easily ignored by analyzing one single memory image and forensic investigators. In order to test the validity, we performed an experiment based on two hosts' memory image which contains criminal incidents. According to the experimental result, we find that the event chains reconstructed by our method are similar to the actual actions in the criminal scene. Investigators can review the digital crime scenario which is contained in the data set by analyzing the experimental results. This paper is aimed at finding the valid actions with illegal attempt and making the memory analysis not to be utterly dependent on the operating system and relevant experts.
关键词：Digital Forensics;Volatile Memory;Correlation Analysis;Event Chain