The Study of Text Evidence in Memory

Min Jiang; Long Chen; Ya Hui Li

doi:10.4028/www.scientific.net/AMM.556-562.6266

Paper Titles

Issues and Current Solutions of Mobile Cloud Computing
p.6251

Method of Locating Anomaly Source in Software System Based on Dendritic Cell Algorithm
p.6255

A Comprehensive Security Strategy Applying to the Total Life Cycle of Cloud Computing Data Center
p.6259

The Research of Cloud Computing Service Model
p.6262

The Study of Text Evidence in Memory
p.6266

Building Schema of Assorted Index Based on Huffman Encoding in HBase
p.6270

Data Access Control on Clouds
p.6275

Continual Word Embedding Based for Matching Lightweight Ontologies
p.6281

Learning to Rank for Review Rating Prediction
p.6286

HomeApplied Mechanics and MaterialsApplied Mechanics and Materials Vols. 556-562The Study of Text Evidence in Memory

The Study of Text Evidence in Memory

Abstract:

The text message which has been viewed and edited is stored in physical memory. In this paper, we take the notepad process as sample, designs a recovery scheme for user’s viewing-data and judge whether the document was edited, First this scheme extracts the data of all notepad’s process in memory with the member information of the process’s EPROCESS structure, and then, matches the data with the target string, thus, it can recovery the viewing-data of a different order. Experiments show that this scheme can recovery the text message when the user browsing in the last minutes and analyze the behavior of the user.

You might also be interested in these eBooks

View Preview

Info:

Periodical:

Applied Mechanics and Materials (Volumes 556-562)

Pages:

6266-6269

DOI:

https://doi.org/10.4028/www.scientific.net/AMM.556-562.6266

Citation:

Cite this paper

Online since:

May 2014

Authors:

Min Jiang*, Long Chen, Ya Hui Li

Keywords:

Data Recovery, Memory Forensics, Text File, User Behavior

Export:

RIS, BibTeX

Price:

Permissions CCC:

Request Permissions

Permissions PLS:

Request Permissions

Сopyright:

Citation:

* - Corresponding Author

References

[1] Dolan Gavitt: Digital Forensic Research Workshop (Baltimore, MD, August 11-13, 2008), pp.26-32.

Google Scholar

[2] Okolica J, Peterson G: Digital Forensic Research Workshop (Portland, Oregon, August 2-4, 2010), pp.48-56.

Google Scholar

[3] L. Chen, L. Zhang and Q. Y. Tian: Journal of Chongqing Universities of Posts and Telecommunications, Vol. 25 (2013) No. 6, p.854.

Google Scholar

[4] M. Richard, Stevens and Eoghan Casey: Digital Investigation Journal, Vol. 7 (2010) No. 6, p.57.

Google Scholar

[5] Y. H. Gao, T. J. Cao: Journal of Computers, Vol. 5 (2010) No. 4, p.541.

Google Scholar

[6] J. Okolica, G. Peterson: Digital Investigations Journal, Vol. 9 (2011) No. 7, p.118.

Google Scholar

[7] Funminiyi, Akanfe and Olajide: A study of application level information from the volatile memory of Windows computer systems (Ph.D., University of Portsmouth, England 2011), p.27.

Google Scholar

[8] Information on http: /secmeeting. ihep. ac. cn/paper/Paper_Chen_Long_ICDFI2012. pdf.

Google Scholar

[9] L. Chen, K. Jing: Journal of Chongqing Universities of Posts and Telecommunications, Vol. 1 (2013) No. 25, p.122.

Google Scholar