Windows pagefile collection and analysis for a live forensics context

Seokhee Lee, Antonio Savoldi, Sangjin Lee, Jongin Lim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Citations (Scopus)

Abstract

The aim of this paper is to present a new tool, the Pagefile Collection Tool (PCT), which can be used to obtain a pagefile on a live Windows-based system. It is a known fact that a pagefile on a live system is protected by the operating system, which uses it in the virtual memory context. By using the NTFS filesystem specifications we were able to reconstruct the full pagefile, which can be used by a forensics expert to carve out further and precious information in the memory analysis field.

Original language: English
Title of host publication: Proceedings of Future Generation Communication and Networking, FGCN 2007
Pages: 97-101
Number of pages: 5
Publication status: Published - 2007 Dec 1
Event: 2007 International Conference on Future Generation Communication and Networking, FGCN 2007 - Jeju Island, Korea, Republic of
Duration: 2007 Dec 6 to 2007 Dec 8

Publication series

Name: Proceedings of Future Generation Communication and Networking, FGCN 2007
Volume: 2

Other

Other: 2007 International Conference on Future Generation Communication and Networking, FGCN 2007
Country: Korea, Republic of
City: Jeju Island
Period: 07/12/6 to 07/12/8

ASJC Scopus subject areas

  • Computer Science Applications
  • Software
  • Electrical and Electronic Engineering

Cite this

Lee, S., Savoldi, A., Lee, S., & Lim, J. (2007). Windows pagefile collection and analysis for a live forensics context. In Proceedings of Future Generation Communication and Networking, FGCN 2007 (pp. 97-101). [4426211] (Proceedings of Future Generation Communication and Networking, FGCN 2007; Vol. 2).