Forensic analysis of communication records of messaging applications from physical memory

Barradas Diogo; Brito Tiago; Duarte David; Santos Nuno; Rodrigues Luis

首页> 外文期刊>Computers & Security >Forensic analysis of communication records of messaging applications from physical memory

【24h】

Forensic analysis of communication records of messaging applications from physical memory

机译：物理内存中消息传递应用程序的通信记录的取证分析

获取原文

获取原文并翻译 | 示例

开具论文收录证明 >>

页面导航

摘要
著录项
引文网络
相似文献
相关主题

摘要

Inspection of physical memory allows digital investigators to retrieve evidence otherwise inaccessible when analyzing other storage media. In this paper, we analyze in-memory communication records produced by instant messaging and email applications, both in desktop web-based applications and native applications running in mobile devices. Our results show that, in spite of the heterogeneity of data formats specific to each application, communication records can be represented in a common application-independent format. This format can then be used as a common representation to allow for general analysis of digital artifacts across various applications. Then, we introduce RAMAS, an extensible forensic tool which aims to ease the process of analysing communication records left behind in physical memory by instant-messaging and email clients. (C) 2018 Elsevier Ltd. All rights reserved.

机译：对物理内存的检查使数字调查人员可以在分析其他存储介质时检索否则无法访问的证据。在本文中，我们分析了即时消息和电子邮件应用程序在基于桌面Web的应用程序和在移动设备中运行的本机应用程序中产生的内存中通信记录。我们的结果表明，尽管特定于每个应用程序的数据格式存在异质性，但通信记录仍可以以独立于应用程序的通用格式表示。然后，可以将该格式用作通用表示形式，以允许对各种应用程序中的数字工件进行常规分析。然后，我们介绍RAMAS，这是一种可扩展的取证工具，旨在简化即时消息和电子邮件客户端对物理内存中遗留的通信记录进行分析的过程。（C）2018 Elsevier Ltd.保留所有权利。

著录项

来源
《Computers & Security》 |2019年第9期|484-497|共14页
作者
Barradas Diogo; Brito Tiago; Duarte David; Santos Nuno; Rodrigues Luis;
展开▼
作者单位

Univ Lisbon Inst Super Tecn INESC ID Lisbon Portugal;

展开▼
收录信息美国《科学引文索引》(SCI);美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
Digital forensics; Instant-messaging; Memory forensics; Mobile applications; Web-applications;

机译：数字取证;即时通讯;记忆取证;移动应用;网络应用;

相似文献

外文文献
中文文献
专利

1. Forensic analysis of communication records of messaging applications from physical memory [J] . Barradas Diogo, Brito Tiago, Duarte David, Computers & Security . 2019,第SEPa期

机译：物理内存中消息传递应用程序的通信记录的取证分析
2. Digital forensic analysis of encrypted database files in instant messaging applications on Windows operating systems: Case study with KakaoTalk, NateOn and QQ messenger [J] . Choi Jusop, Yu Jaegwan, Hyun Sangwon, Digital investigation . 2019,第APRa期

机译：Windows操作系统上即时消息传递应用程序中加密数据库文件的数字取证分析：使用KakaoTalk，NateOn和QQ Messenger的案例研究
3. Network and device forensic analysis of Android social-messaging applications [J] . Walnycky Daniel, Baggili Ibrahim, Marrington Andrew, Digital investigation . 2015,第auga期

机译：Android社交消息应用程序的网络和设备取证分析
4. Forensic Analysis of Communication Records of Web-based Messaging Applications from Physical Memory [C] . Diogo Barradas, Tiago Brito, David Duarte, International Joint Conference on e-Business and Telecommunications . 2017

机译：来自物理内存的基于Web的消息传递应用程序的通信记录的法医分析
5. Forensic analysis of Windows physical memory [D] . Arasteh, Ali Reza 2008

机译：Windows物理内存的取证分析
6. Recorded infection control messages delay inter-professional communication but are not associated with COVID-19 prevalence or mortality: insights from a national switchboard analysis [O] . Edd Maclean, Rahul Ghelani, Myra Adra, 2020

机译：记录的感染控制消息延迟专业间通信但与Covid-19流行或死亡率无关：来自国家交换机分析的见解
7. Forensic analysis of secure ephemeral messaging applications on Android platforms [O] . Azhar M. H. B., Barton T. 2017

机译：Android平台上的安全临时消息传递应用程序的取证分析

Forensic analysis of communication records of messaging applications from physical memory

摘要

著录项

引文网络

相似文献

相关主题

期刊订阅