A webmail reconstructing method from windows XP memory dumps

Abstract

Retrieving the content of webmail from physical memory is a key issue for investigators because it may provide useful information. This paper proposes a method for reconstructing webmail evidence from memory dumps on the Windows XP platform. The proposed method uses the mail header format defined in RFC 2822 and the HTML frame of the specific webmail server to locate the header and the body, respectively. The webmail is then reconstructed based on the matching degree between the FROM, TO (CC/BCC), DATE and SUBJECT fields of the header and the corresponding content extracted from the body. The experimental results show that this method could reconstruct the webmail from memory dumps. © 2013 Springer Science+Business Media Dordrecht (Outside the USA).

Cite

Kong, F., Xu, M., Ren, Y., Xu, J., Zhang, H., & Zheng, N. (2013). A webmail reconstructing method from windows XP memory dumps. In Lecture Notes in Electrical Engineering (Vol. 240 LNEE, pp. 211–217). https://doi.org/10.1007/978-94-007-6738-6_27