TY - GEN
T1 - Windows pagefile collection and analysis for a live forensics context
AU - Lee, Seokhee
AU - Savoldi, Antonio
AU - Lee, Sangjin
AU - Lim, Jongin
PY - 2007
Y1 - 2007
N2 - The aim of this paper is to present a new tool, the Pagefile Collection Tool (PCT), which can be used to obtain a pagefile on a live Windows-based system. It is a known fact that a pagefile on a live system is protected by the operating system, which uses it in the virtual memory context. By using the NTFS filesystem specifications we were able to reconstruct the full pagefile, which can be used by a forensics expert to carve out further and precious information in the memory analysis field.
AB - The aim of this paper is to present a new tool, the Pagefile Collection Tool (PCT), which can be used to obtain a pagefile on a live Windows-based system. It is a known fact that a pagefile on a live system is protected by the operating system, which uses it in the virtual memory context. By using the NTFS filesystem specifications we were able to reconstruct the full pagefile, which can be used by a forensics expert to carve out further and precious information in the memory analysis field.
UR - http://www.scopus.com/inward/record.url?scp=52149113749&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=52149113749&partnerID=8YFLogxK
U2 - 10.1109/fgcn.2007.236
DO - 10.1109/fgcn.2007.236
M3 - Conference contribution
AN - SCOPUS:52149113749
SN - 0769530486
SN - 9780769530482
T3 - Proceedings of Future Generation Communication and Networking, FGCN 2007
SP - 97
EP - 101
BT - Proceedings of Future Generation Communication and Networking, FGCN 2007
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2007 International Conference on Future Generation Communication and Networking, FGCN 2007
Y2 - 6 December 2007 through 8 December 2007
ER -