In Memory Forensics, a variant of Live forensics, the acquired image of physical memory is analysed to find crucial artefacts from the suspect’s system. These artefacts include details of running processes, network connections, Clipboard data, Security Identifiers of users, the Master File Table, etc., which help provide unprecedented visibility into the runtime state of the system. While extensive work has been done on capturing processes, event logs, registry information and network activities, the focus on the Clipboard as another memory store for evidential information has been limited. In this paper, a framework is proposed to carry out Live forensics of a system by extracting Clipboard data and other forensic artefacts from a RAM image.
Sharma, R., & Singh, U. (2015). Framework for live forensics of a system by extraction of clipboard data and other forensic artefacts from RAM image. In Communications in Computer and Information Science (Vol. 536, pp. 473–482). Springer Verlag. https://doi.org/10.1007/978-3-319-22915-7_43