File Download
Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1109/CSA.2009.5404199
- Scopus: eid_2-s2.0-80655130272
Supplementary
-
Citations:
- Scopus: 0
- Appears in Collections:
Conference Paper: Memory acquisition: A 2-Take approach
| Title | Memory acquisition: A 2-Take approach |
|---|---|
| Authors | |
| Keywords | Live forensics Memory acquisition Memory forensics |
| Issue Date | 2009 |
| Publisher | IEEE. |
| Citation | The 2009 International Workshop on Forensics for Future Generation Communication Environments (F2GC-09) in conjunction with CSA 2009, Jeju Island, Korea, 10-12 December 2009. In Proceedings of CSA, 2009, p. 1-4 How to Cite? |
| Abstract | When more and more people recognize the value of volatile data, live forensics gains more weight in digital forensics. It is often used in parallel with traditional pull-the-plug forensics to provide a more reliable result in forensic examination. One of the core components in live forensics is the collection and analysis of memory volatile data, during which the memory content is acquired for searching of relevant evidential data or investigating various computer processes to unveil the activities being performed by a user. However, this conventional method may have weaknesses because of the volatile nature of memory data and the absence of original data for validation. This may cause implication to the admissibility of memory data at the court of law which requires strict authenticity and reliability of evidence. In this paper, we discuss the impact of various memory acquisition methods and suggest a 2-Take approach which aims to enhance the confidence level of the acquired memory data for legal proceedings. © 2009 IEEE. |
| Persistent Identifier | http://hdl.handle.net/10722/125702 |
| ISBN | |
| References |
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Law, FYW | en_HK |
| dc.contributor.author | Lai, PKY | en_HK |
| dc.contributor.author | Chow, KP | en_HK |
| dc.contributor.author | Ieong, RSC | en_HK |
| dc.contributor.author | Kwan, MYK | en_HK |
| dc.contributor.author | Tse, KWH | en_HK |
| dc.contributor.author | Tse, HKS | en_HK |
| dc.date.accessioned | 2010-10-31T11:46:57Z | - |
| dc.date.available | 2010-10-31T11:46:57Z | - |
| dc.date.issued | 2009 | en_HK |
| dc.identifier.citation | The 2009 International Workshop on Forensics for Future Generation Communication Environments (F2GC-09) in conjunction with CSA 2009, Jeju Island, Korea, 10-12 December 2009. In Proceedings of CSA, 2009, p. 1-4 | en_HK |
| dc.identifier.isbn | 978-1-4244-4946-0 | - |
| dc.identifier.uri | http://hdl.handle.net/10722/125702 | - |
| dc.description.abstract | When more and more people recognize the value of volatile data, live forensics gains more weight in digital forensics. It is often used in parallel with traditional pull-the-plug forensics to provide a more reliable result in forensic examination. One of the core components in live forensics is the collection and analysis of memory volatile data, during which the memory content is acquired for searching of relevant evidential data or investigating various computer processes to unveil the activities being performed by a user. However, this conventional method may have weaknesses because of the volatile nature of memory data and the absence of original data for validation. This may cause implication to the admissibility of memory data at the court of law which requires strict authenticity and reliability of evidence. In this paper, we discuss the impact of various memory acquisition methods and suggest a 2-Take approach which aims to enhance the confidence level of the acquired memory data for legal proceedings. © 2009 IEEE. | en_HK |
| dc.language | eng | en_HK |
| dc.publisher | IEEE. | - |
| dc.relation.ispartof | Proceedings of the International Conference on Computer Science and Its Applications, CSA 2009 | en_HK |
| dc.rights | ©2009 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE. | - |
| dc.subject | Live forensics | en_HK |
| dc.subject | Memory acquisition | en_HK |
| dc.subject | Memory forensics | en_HK |
| dc.title | Memory acquisition: A 2-Take approach | en_HK |
| dc.type | Conference_Paper | en_HK |
| dc.identifier.email | Chow, KP:chow@cs.hku.hk | en_HK |
| dc.identifier.authority | Chow, KP=rp00111 | en_HK |
| dc.description.nature | published_or_final_version | - |
| dc.identifier.doi | 10.1109/CSA.2009.5404199 | en_HK |
| dc.identifier.scopus | eid_2-s2.0-80655130272 | en_HK |
| dc.identifier.hkuros | 182209 | en_HK |
| dc.relation.references | http://www.scopus.com/mlt/select.url?eid=2-s2.0-80655130272&selection=ref&src=s&origin=recordpage | en_HK |
| dc.identifier.spage | 1 | - |
| dc.identifier.epage | 4 | - |
| dc.description.other | The 2009 International Workshop on Forensics for Future Generation Communication Environments (F2GC-09) in conjunction with CSA 2009, Jeju Island, Korea, 10-12 December 2009. In Proceedings of CSA, 2009, p. 1-4 | - |
| dc.identifier.scopusauthorid | Law, FYW=19640490000 | en_HK |
| dc.identifier.scopusauthorid | Lai, PKY=19640260600 | en_HK |
| dc.identifier.scopusauthorid | Chow, KP=7202180751 | en_HK |
| dc.identifier.scopusauthorid | Ieong, RSC=22734240200 | en_HK |
| dc.identifier.scopusauthorid | Kwan, MYK=19640239200 | en_HK |
| dc.identifier.scopusauthorid | Tse, KWH=54382354800 | en_HK |
| dc.identifier.scopusauthorid | Tse, HKS=36844822700 | en_HK |