Forensic analysis of communication records of messaging applications from physical memory. Issue 86 (September 2019)
- Record Type:
- Journal Article
- Title:
- Forensic analysis of communication records of messaging applications from physical memory. Issue 86 (September 2019)
- Main Title:
- Forensic analysis of communication records of messaging applications from physical memory
- Authors:
- Barradas, Diogo
Brito, Tiago
Duarte, David
Santos, Nuno
Rodrigues, Luís
- Abstract:
- Highlights: RAMAS efficiently extracts communication records from volatile memory. Works for most popular messaging applications. Uses the same record signatures on different operating systems and browsers. Provides a forensic framework for evidence inspection and reporting. Highlights which sequences of actions impact record durability the most.
Abstract: Inspection of physical memory allows digital investigators to retrieve evidence otherwise inaccessible when analyzing other storage media. In this paper, we analyze in-memory communication records produced by instant messaging and email applications, both in desktop web-based applications and native applications running in mobile devices. Our results show that, in spite of the heterogeneity of data formats specific to each application, communication records can be represented in a common application-independent format. This format can then be used as a common representation to allow for general analysis of digital artifacts across various applications. Then, we introduce RAMAS, an extensible forensic tool which aims to ease the process of analysing communication records left behind in physical memory by instant-messaging and email clients.
- Is Part Of:
- Computers & security. Issue 86(2019)
- Journal:
- Computers & security
- Issue:
- Issue 86(2019)
- Issue Display:
- Volume 86, Issue 86 (2019)
- Year:
- 2019
- Volume:
- 86
- Issue:
- 86
- Issue Sort Value:
- 2019-0086-0086-0000
- Page Start:
- 484
- Page End:
- 497
- Publication Date:
- 2019-09
- Subjects:
- Digital forensics -- Instant-messaging -- Memory forensics -- Mobile applications -- Web-applications
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2018.08.013
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 16503.xml