Journal & Conference Proceeding Publications



ID Code : CSC0011
Title : Object Signature Search for Capturing Processes Memory Image of Windows System
Author/s : Khairul Akram Zainol Ariffin
Ahmad Kamil Mahmood
Jafrezal Jaafar
Dr Solahuddin Shamsuddin
Abstract : Over the past few years, memory analysis has been an issue that has been discussed in digital forensics. With the introduction of cloud computing, the on memory has become critical as the hard disk is no longer the primary choice to store information and data on the computer system. The online storages with password protected such as ADrive, Dropbox and Google Cloud Storage are already available to all users. Hence, with the progress of development in this technology, the traditional approach (analysis on hard drive) has become obsolete in obtaining information from those applications. The aim of this paper is to present an algorithm that can be used to trace the processes of the memory image. The algorithm uses the signature search to find the possible process that is stored in the memory dump. Then, by the information in Parent ProcessID (PPID) and ProcessID (PID) the Process Block Tree is constructed. Further, the benchmarking test between Process Enumeration technique and this new algorithm is presented in this paper
Publication : International Journal of Computer and Communication Engineering
Year Published : 2013|702-705|Volume 2 Number 3
PDF / Official URL : http://sdiwc.net/security-journal/index.php