Password Recovery Using an Evidence Collection Tool and Countermeasures

Summary:
The main contribution of this paper is to analyse a tool we have implemented, the page collection tool, which can be used in live forensic analysis to acquire pagefiles from running computer systems. Such a tool raises a number of important issues, for example the ease with which sensitive information can be obtained. Briefly, a pagefile is the on-disk part of the virtual memory [6] used by almost all operating systems: a disk area into which memory pages are swapped out and from which they are swapped back in, leaving plenty of sensitive data that can be recovered with little effort. In a previous paper [4] we were not able to acquire the pagefile directly from a live system, because the Windows operating system used in our analysis keeps exclusive control of the pagefile while the system is running, so we collected it by booting a live Linux distribution [7]. That approach belongs to the post-mortem analysis methodology. We have since developed a pagefile collection tool that obtains the pagefile from a live system while the Windows operating system is running. This tool also reduces the time needed to acquire a pagefile and therefore lets investigators obtain evidence sooner.
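As an added example that is not part of the paper and is not the authors' page collection tool: a small Python string carver that shows why a recovered pagefile is so valuable to an attacker, and what an investigator looks for in one. It scans a pagefile image for runs of printable ASCII and for runs of UTF-16LE text (Windows keeps most user-facing strings as wide characters, so an ASCII-only pass misses them) and reports every run that contains a credential keyword. The keyword list, the minimum string length, the chunk size and the sample bytes are all assumptions made for this example; the sample is constructed, not real pagefile content.

```python
import re
import sys

# Constructed sample slice of a pagefile image (fabricated for this example):
# an ASCII HTTP login body, a UTF-16LE "Password:" prompt as a Windows GUI
# would store it, and filler bytes covering every byte value once.
SAMPLE_PAGEFILE = (
    b"\x00" * 16
    + b"GET /login HTTP/1.1\x00"
    + b"username=alice&password=Tr0ub4dor&3\x00"
    + bytes(range(256))
    + "Password: hunter2".encode("utf-16-le")
    + b"\x00" * 8
    + "unrelated wide text".encode("utf-16-le")
)

# Assumed keyword list; a real investigation would extend it per case.
KEYWORDS = ("password", "passwd", "pwd", "secret", "credential")
MIN_LEN = 6  # shortest run worth reporting (assumption)


def ascii_strings(data, min_len=MIN_LEN):
    """Yield (offset, text) for runs of printable ASCII at least min_len long."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.start(), m.group().decode("ascii")


def utf16le_strings(data, min_len=MIN_LEN):
    """Yield (offset, text) for runs of UTF-16LE characters in the printable
    ASCII range (each character is one printable byte followed by 0x00)."""
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield m.start(), m.group().decode("utf-16-le")


def find_credential_hits(data, keywords=KEYWORDS, min_len=MIN_LEN):
    """Carve both encodings from an in-memory buffer and return the runs that
    mention a keyword, as dicts sorted by offset."""
    hits = []
    for encoding, carver in (("ascii", ascii_strings), ("utf-16le", utf16le_strings)):
        for offset, text in carver(data, min_len):
            lowered = text.lower()
            matched = [k for k in keywords if k in lowered]
            if matched:
                hits.append({"offset": offset, "encoding": encoding,
                             "text": text, "keywords": matched})
    hits.sort(key=lambda h: h["offset"])
    return hits


def scan_file(path, chunk_size=16 * 1024 * 1024, overlap=4096):
    """Scan a pagefile image that may be gigabytes long without loading it
    whole. Each chunk is prefixed with the tail of the previous one so a
    string straddling a chunk boundary is still seen in full, provided it is
    shorter than `overlap`; duplicate sightings keep the longer text."""
    best = {}
    base = 0
    prev_tail = b""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(chunk_size)
            if not chunk:
                break
            buf = prev_tail + chunk
            buf_base = base - len(prev_tail)
            for h in find_credential_hits(buf):
                h["offset"] += buf_base
                key = (h["offset"], h["encoding"])
                if key not in best or len(h["text"]) > len(best[key]["text"]):
                    best[key] = h
            prev_tail = chunk[-overlap:]
            base += len(chunk)
    return sorted(best.values(), key=lambda h: h["offset"])


if __name__ == "__main__":
    # Usage: python carve.py [pagefile.sys image]; without an argument the
    # constructed sample is scanned.
    results = scan_file(sys.argv[1]) if len(sys.argv) > 1 else find_credential_hits(SAMPLE_PAGEFILE)
    for h in results:
        print("0x%08x %-8s %s  [%s]" % (h["offset"], h["encoding"], h["text"], ",".join(h["keywords"])))
```

On the constructed sample the carver reports the ASCII form body at offset 36 and the wide-character prompt at offset 328; the 95-byte printable run inside the filler is carved as a string but contains no keyword, so it is not reported. On a live Windows system pagefile.sys is held open by the kernel, so feeding a real image to `scan_file` presupposes that it was acquired first, either offline as in the authors' earlier work or with a live collection tool such as the one the paper describes.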

Format:
Pages: 7
Size: 173 KB
Authors: Seokhee Lee, Antonio Savoldi, Sangjin Lee and Jongin Lim

Download:
Password Recovery Using an Evidence Collection Tool and Countermeasures