Tracking file's metadata from computer memory analysis
With the advance in technology, the computer storage will become cheaper for the larger sizes. Previously, it allows the user to store more data at a lower cost. In context of digital forensic investigation, the traditional approach such as analysis on the hard disk will become inefficient in handli...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Conference or Workshop Item |
| Published: |
Institute of Electrical and Electronics Engineers Inc.
2015
|
| Online Access: | https://www.scopus.com/inward/record.uri?eid=2-s2.0-84964221855&doi=10.1109%2fCIT%2fIUCC%2fDASC%2fPICOM.2015.147&partnerID=40&md5=31b4fee87b8bfa60fa6a6ce1986c3953 http://eprints.utp.edu.my/30697/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my.utp.eprints.30697 |
|---|---|
| record_format |
eprints |
| spelling |
my.utp.eprints.306972022-03-25T07:15:08Z Tracking file's metadata from computer memory analysis Ariffin, K.A.Z. Jaafar, J. Mahmood, A.K. Shamsuddin, S. With the advance in technology, the computer storage will become cheaper for the larger sizes. Previously, it allows the user to store more data at a lower cost. In context of digital forensic investigation, the traditional approach such as analysis on the hard disk will become inefficient in handling the huge data that is stored within it. The research on retrieving the open flies from computer memory only focused on tracking the Virtual Address Descriptor (VAD) and Object Table. Thus, only the active object's open flies can be retrieved from the computer memory. The aim of this paper is to present algorithms to track the metadata of file from the well-known file system for Windows system such as File Allocation Table (FAT) and New Technologies File System (NTFS). The algorithms encompass the signature search to retrieve the boot sector and then capture the metadata about the file from the computer memory The algorithm will be independent of address translation algorithm and able to capture the information from various file's extension, not limited to.EXE and.DLL. © 2015 IEEE. Institute of Electrical and Electronics Engineers Inc. 2015 Conference or Workshop Item NonPeerReviewed https://www.scopus.com/inward/record.uri?eid=2-s2.0-84964221855&doi=10.1109%2fCIT%2fIUCC%2fDASC%2fPICOM.2015.147&partnerID=40&md5=31b4fee87b8bfa60fa6a6ce1986c3953 Ariffin, K.A.Z. and Jaafar, J. and Mahmood, A.K. and Shamsuddin, S. (2015) Tracking file's metadata from computer memory analysis. In: UNSPECIFIED. http://eprints.utp.edu.my/30697/ |
| institution |
Universiti Teknologi Petronas |
| building |
UTP Resource Centre |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Teknologi Petronas |
| content_source |
UTP Institutional Repository |
| url_provider |
http://eprints.utp.edu.my/ |
| description |
With the advance in technology, the computer storage will become cheaper for the larger sizes. Previously, it allows the user to store more data at a lower cost. In context of digital forensic investigation, the traditional approach such as analysis on the hard disk will become inefficient in handling the huge data that is stored within it. The research on retrieving the open flies from computer memory only focused on tracking the Virtual Address Descriptor (VAD) and Object Table. Thus, only the active object's open flies can be retrieved from the computer memory. The aim of this paper is to present algorithms to track the metadata of file from the well-known file system for Windows system such as File Allocation Table (FAT) and New Technologies File System (NTFS). The algorithms encompass the signature search to retrieve the boot sector and then capture the metadata about the file from the computer memory The algorithm will be independent of address translation algorithm and able to capture the information from various file's extension, not limited to.EXE and.DLL. © 2015 IEEE. |
| format |
Conference or Workshop Item |
| author |
Ariffin, K.A.Z. Jaafar, J. Mahmood, A.K. Shamsuddin, S. |
| spellingShingle |
Ariffin, K.A.Z. Jaafar, J. Mahmood, A.K. Shamsuddin, S. Tracking file's metadata from computer memory analysis |
| author_facet |
Ariffin, K.A.Z. Jaafar, J. Mahmood, A.K. Shamsuddin, S. |
| author_sort |
Ariffin, K.A.Z. |
| title |
Tracking file's metadata from computer memory analysis |
| title_short |
Tracking file's metadata from computer memory analysis |
| title_full |
Tracking file's metadata from computer memory analysis |
| title_fullStr |
Tracking file's metadata from computer memory analysis |
| title_full_unstemmed |
Tracking file's metadata from computer memory analysis |
| title_sort |
tracking file's metadata from computer memory analysis |
| publisher |
Institute of Electrical and Electronics Engineers Inc. |
| publishDate |
2015 |
| url |
https://www.scopus.com/inward/record.uri?eid=2-s2.0-84964221855&doi=10.1109%2fCIT%2fIUCC%2fDASC%2fPICOM.2015.147&partnerID=40&md5=31b4fee87b8bfa60fa6a6ce1986c3953 http://eprints.utp.edu.my/30697/ |
| _version_ |
1738657143830085632 |
| score |
13.160551 |