Windows pagefile collection and analysis for a live forensics context

Seokhee Lee, Antonio Savoldi, Sangjin Lee, Jong In Lim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Citations (Scopus)

Abstract

The aim of this paper is to present a new tool, the Pagefile Collection Tool (PCT), which can be used to obtain a pagefile on a live Windows-based system. It is a known fact that a pagefile on a live system is protected by the operating system, which uses it in the virtual memory context. By using the NTFS filesystem specifications we were able to reconstruct the full pagefile, which can be used by a forensics expert to carve out further and precious information in the memory analysis field.

Original language: English
Title of host publication: Proceedings of Future Generation Communication and Networking, FGCN 2007
Pages: 97-101
Number of pages: 5
Volume: 2
Publication status: Published - 2007 Dec 1
Event: 2007 International Conference on Future Generation Communication and Networking, FGCN 2007 - Jeju Island, Korea, Republic of
Duration: 2007 Dec 6 → 2007 Dec 8

Other

Other: 2007 International Conference on Future Generation Communication and Networking, FGCN 2007
Country: Korea, Republic of
City: Jeju Island
Period: 07/12/6 → 07/12/8

Fingerprint

Data storage equipment
Specifications

ASJC Scopus subject areas

  • Computer Science Applications
  • Software
  • Electrical and Electronic Engineering

Cite this

Lee, S., Savoldi, A., Lee, S., & Lim, J. I. (2007). Windows pagefile collection and analysis for a live forensics context. In Proceedings of Future Generation Communication and Networking, FGCN 2007 (Vol. 2, pp. 97-101). [4426211]

@inproceedings{b0a9fe2a63c548b1993180512ae1d793,
title = "Windows pagefile collection and analysis for a live forensics context",
author = "Seokhee Lee and Antonio Savoldi and Sangjin Lee and Lim, {Jong In}",
year = "2007",
month = "12",
day = "1",
language = "English",
isbn = "0769530486",
volume = "2",
pages = "97--101",
booktitle = "Proceedings of Future Generation Communication and Networking, FGCN 2007",

}

TY - GEN

T1 - Windows pagefile collection and analysis for a live forensics context

AU - Lee, Seokhee

AU - Savoldi, Antonio

AU - Lee, Sangjin

AU - Lim, Jong In

PY - 2007/12/1

Y1 - 2007/12/1

UR - http://www.scopus.com/inward/record.url?scp=52149113749&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=52149113749&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:52149113749

SN - 0769530486

SN - 9780769530482

VL - 2

SP - 97

EP - 101

BT - Proceedings of Future Generation Communication and Networking, FGCN 2007

ER -