Supervised by: Ministry of Industry and Information Technology of The People's Republic of China. Sponsored by: Harbin Institute of Technology. Editor-in-chief: Yu Zhou. ISSN 1005-9113. CN 23-1378/T.

Related citation: Lian-Hai Wang, Qiu-Liang Xu. Primary Exploration of Reliability Evaluation of Computer Live Forensics Model on Physical Memory Analysis [J]. Journal of Harbin Institute Of Technology (New Series), 2014, 21(4): 121-128. DOI: 10.11916/j.issn.1005-9113.2014.04.019.
Primary Exploration of Reliability Evaluation of Computer Live Forensics Model on Physical Memory Analysis
Authors and affiliations:
Lian-Hai Wang: School of Computer Science and Technology, Shandong University, Jinan 250101, China; Shandong Provincial Key Laboratory of Computer Network, Shandong Computer Science Center (National Supercomputer Center in Jinan), Jinan 250014, China
Qiu-Liang Xu: School of Computer Science and Technology, Shandong University, Jinan 250101, China
Abstract:
The integrity and fidelity of digital evidence are very important in live forensics. Previous studies have focused on the uncertainty of live forensics based on different memory snapshots. However, this kind of method is not effective in practice, because memory images are usually acquired with forensics tools rather than from snapshots. Therefore, the integrity and fidelity of live evidence should be evaluated during the acquisition process. In this paper, we study the problem from a novel viewpoint. First, several definitions of memory acquisition measure error are introduced to describe trustworthiness. Then, we analyze the experimental error and propose some suggestions on how to reduce it. A novel method is also developed to calculate the system error in detail. The results of a case study on Windows 7 and a VMware virtual machine show that the experimental error has good accuracy and precision, which demonstrates the efficacy of the proposed reduction methods. The system error is also evaluated: it accounts for 30% to 50% of the whole error.
Key words: digital investigation; live forensics; volatile memory acquisition; trusted probability
DOI: 10.11916/j.issn.1005-9113.2014.04.019
CLC Number: TP309