Study on the Forensic Methods of Main Memory

• Main Authors: Yeh, Kuang-Chieh, 葉廣傑
• Other Authors: Chu, Huei-Chung
• Format: Others
• Language: zh-TW
• Published: 2012
• Online Access: http://ndltd.ncl.edu.tw/handle/30836875386116773027

碩士 === 華梵大學 === 資訊管理學系碩士班 === 100 === Along with the improvement of information technology and the popularization of IT education, the cybercrime cases are also on the increase. As the Internet enjoys a booming development, the digital evidences are not only stored in the non-volatile storage but also in the volatile storage ones. Consequently, it becomes an important subject for the forensic personnel to collect the digital evidences from the volatile storage medium especially in the main memory of computers. This study deeply investigates the methods of collection and analysis for digital evidences in the main memory based on the structure of the Windows 7 operating system. It also develops the automate tools for digital evidences collection and analysis in the main memory by integrating all related digital forensic tools. Finally, the feasibility and effectiveness of the proposed tool are testified by case study. It is hoped to make up the functions of single digital forensic tool and reduce the operational procedures during the evidence collection and analysis of the main memory by forensic personnel.