A Forensic Memory Image Acquisition Protocol Based on Windows Memory Analysis
Abstract
Computer forensics has become an extremely important evidence-gathering and analysis field in the modern, electronically driven world. Most of the evidence acquired, preserved, processed and analyzed originates from long-term storage media. Obtaining a forensic memory image has grown in importance as a way to support the evidence analysis and obtain correct and irrefutable results. This project has developed a memory acquisition protocol that provides forensic examiners with the necessary tools to complete a comprehensive investigation. The protocol, which is targeted at the acquisition step of the evidence collection process, is based on memory analysis. Including memory as a data source gives the analyst context information that can be used to enhance the analysis of evidence extracted from long-term storage media.

Key Terms - Computer Forensics, Computer Forensics Protocols, Digital Forensics, Memory Analysis.