Journal name: Journal of Theoretical and Applied Information Technology
Print ISSN: 1992-8645
Online ISSN: 1817-3195
Year of publication: 2013
Volume: 48
Issue: 2
Pages: 768-774
Publisher: Journal of Theoretical and Applied
Abstract: The preservation, collection, analysis and interpretation of evidence of computer crime in accordance with legal procedures has become a major problem in computer forensics, while currently available memory dump formats and technology have drawbacks. In this paper, we present a format for physical memory dumps applied to forensics. This new memory dump format provides three major advantages. First, it is more flexible: based on the characteristics of real-time changes in physical memory, our design supports updating the compressed physical memory image at any time and reduces the processing time significantly. Secondly, it has good extensibility, supporting the storage of metadata and the image at the same time, which facilitates the management and control of the memory image. Thirdly, a hash and digital signature mechanism protects the integrity and reliability of the stored evidence data. This paper solves many practical problems in the storage and protection of evidence that exist with current physical memory image formats.
Keywords: Computer forensics; Memory dump; Metadata; Hash; Digital signature