

Consistency Issue on Live Systems Forensics

Volatile data, being vital to digital investigation, have become part of the standard items targeted in the course of live response to a computer system. In traditional computer forensics, where investigation is carried out on a dead system (e.g. hard disk), data integrity is the first and foremost issue for digital evidence validity in court. In the context of live system forensics, volatile data are acquired from a running system. Due to their ever-changing and volatile nature, it is impossible to verify the integrity of volatile data. The integrity issue aside, a more critical problem, data consistency, is present in the data collected on a live system. In this paper, we address and study the consistency issue on live systems forensics. By examining the memory data on a Unix system, we outline a model to distinguish integral data from inconsistent data in a memory dump.
Added 02 Jun 2010
Updated 02 Jun 2010
Type Conference
Year 2007
Where FGCN
Authors Frank Y. W. Law, K. P. Chow, Michael Y. K. Kwan, Pierre K. Y. Lai