Digital evidence collection process in integrity and memory information gathering

Seokhee Lee; Hyunsang Kim; Sangjin Lee; Jongin Lim

doi:10.1109/SADFE.2005.9

Digital evidence collection process in integrity and memory information gathering

Seokhee Lee, Hyunsang Kim, Sangjin Lee, Jongin Lim

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

15 Citations (Scopus)

Abstract

In this paper, we inspect general digital evidence collection process which is according to RFC3227 document[1], and establish specific steps for guaranteeing integrity of digital evidence and memory information collection, EnCase™[4] which was used globally has a weakness that MDC value of digital evidence can be modified, hence we propose MDC public system, MAC system and Public authentication system with PKI as a countermeasure. And we explain detail of each system. Besides, we include memory dump process to existing digital evidence collection process, and examine privacy information through dumping real user's memory and collecting pagefile which is part of virtual memory system.

Original language	English
Title of host publication	Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering
Pages	236-247
Number of pages	12
DOIs	https://doi.org/10.1109/SADFE.2005.9
Publication status	Published - 2005
Event	Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering - Taipei, Taiwan, Province of China Duration: 2005 Nov 7 → 2005 Nov 9

Publication series

Name	Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering
Volume	2005

Other

Other	Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering
Country/Territory	Taiwan, Province of China
City	Taipei
Period	05/11/7 → 05/11/9

ASJC Scopus subject areas

Engineering(all)

Access to Document

10.1109/SADFE.2005.9

Cite this

Lee, S., Kim, H., Lee, S., & Lim, J. (2005). Digital evidence collection process in integrity and memory information gathering. In Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering (pp. 236-247). [1592536] (Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering; Vol. 2005). https://doi.org/10.1109/SADFE.2005.9

Digital evidence collection process in integrity and memory information gathering. / Lee, Seokhee; Kim, Hyunsang; Lee, Sangjin et al.
Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering. 2005. p. 236-247 1592536 (Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering; Vol. 2005).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lee, S, Kim, H, Lee, S & Lim, J 2005, Digital evidence collection process in integrity and memory information gathering. in Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering., 1592536, Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering, vol. 2005, pp. 236-247, Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering, Taipei, Taiwan, Province of China, 05/11/7. https://doi.org/10.1109/SADFE.2005.9

Lee S, Kim H, Lee S , Lim J. Digital evidence collection process in integrity and memory information gathering. In Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering. 2005. p. 236-247. 1592536. (Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering). doi: 10.1109/SADFE.2005.9

@inproceedings{469ca1b3aab4461fbfd32a297dd626d9,

title = "Digital evidence collection process in integrity and memory information gathering",

abstract = "In this paper, we inspect general digital evidence collection process which is according to RFC3227 document[1], and establish specific steps for guaranteeing integrity of digital evidence and memory information collection, EnCase{\texttrademark}[4] which was used globally has a weakness that MDC value of digital evidence can be modified, hence we propose MDC public system, MAC system and Public authentication system with PKI as a countermeasure. And we explain detail of each system. Besides, we include memory dump process to existing digital evidence collection process, and examine privacy information through dumping real user's memory and collecting pagefile which is part of virtual memory system.",

author = "Seokhee Lee and Hyunsang Kim and Sangjin Lee and Jongin Lim",

year = "2005",

doi = "10.1109/SADFE.2005.9",

language = "English",

isbn = "0769524788",

series = "Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering",

pages = "236--247",

booktitle = "Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering",

note = "Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering ; Conference date: 07-11-2005 Through 09-11-2005",

}

TY - GEN

T1 - Digital evidence collection process in integrity and memory information gathering

AU - Lee, Seokhee

AU - Kim, Hyunsang

AU - Lee, Sangjin

AU - Lim, Jongin

PY - 2005

Y1 - 2005

N2 - In this paper, we inspect general digital evidence collection process which is according to RFC3227 document[1], and establish specific steps for guaranteeing integrity of digital evidence and memory information collection, EnCase™[4] which was used globally has a weakness that MDC value of digital evidence can be modified, hence we propose MDC public system, MAC system and Public authentication system with PKI as a countermeasure. And we explain detail of each system. Besides, we include memory dump process to existing digital evidence collection process, and examine privacy information through dumping real user's memory and collecting pagefile which is part of virtual memory system.

AB - In this paper, we inspect general digital evidence collection process which is according to RFC3227 document[1], and establish specific steps for guaranteeing integrity of digital evidence and memory information collection, EnCase™[4] which was used globally has a weakness that MDC value of digital evidence can be modified, hence we propose MDC public system, MAC system and Public authentication system with PKI as a countermeasure. And we explain detail of each system. Besides, we include memory dump process to existing digital evidence collection process, and examine privacy information through dumping real user's memory and collecting pagefile which is part of virtual memory system.

UR - http://www.scopus.com/inward/record.url?scp=33847209935&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33847209935&partnerID=8YFLogxK

U2 - 10.1109/SADFE.2005.9

DO - 10.1109/SADFE.2005.9

M3 - Conference contribution

AN - SCOPUS:33847209935

SN - 0769524788

SN - 9780769524788

T3 - Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering

SP - 236

EP - 247

BT - Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering

T2 - Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering

Y2 - 7 November 2005 through 9 November 2005

ER -

Digital evidence collection process in integrity and memory information gathering

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this