
2018 | Original Paper | Book chapter

25. Towards the Memory Forensics of MS Word Documents

Authors: Ziad A. Al-Sharif, Hasan Bagci, Toqa’ Abu Zaitoun, Aseel Asad

Published in: Information Technology - New Generations

Publisher: Springer International Publishing


Abstract

Memory forensics plays a vital role in digital forensics: it provides important information about a user’s activities on a digital device. Various techniques can be used to analyze RAM and locate evidence in support of legal procedures against digital perpetrators in a court of law. This paper investigates digital evidence relating to MS Word documents. Our approach utilizes the XML representation used internally by MS Office. Different documents are investigated. Memory dumps are created while each of these documents is being viewed or edited and after the document is closed. The documents used are decompressed, and the resulting folders and XML files are analyzed. Various unique parts of these extracted files are successfully located in the corresponding RAM dumps. Results show that several portions of the MS Word document format and its textual data can be located in RAM, and these portions would prove that the document is or was viewed or edited by the perpetrator.
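The procedure the abstract describes (decompress the document package, pull out its XML parts, derive fragments unique to that document, and search the memory image for them) as an added Python example. This is not code from the paper: the sample DOCX, the synthetic memory image, the planted offsets, and the choice to search text both as UTF-8 (the on-disk XML encoding) and as UTF-16LE (a common in-memory string encoding on Windows) are all constructed assumptions for illustration, not findings reported by the authors.

```python
import io
import random
import re
import zipfile

# Constructed sample parts; a real DOCX carries many more (styles, settings, rels).
DOCUMENT_XML = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
    '<w:body>'
    '<w:p><w:r><w:t>Draft minutes of the March board meeting</w:t></w:r></w:p>'
    '<w:p><w:r><w:t>Attendance: seven members present.</w:t></w:r></w:p>'
    '</w:body></w:document>'
)
CORE_XML = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
    '<cp:coreProperties'
    ' xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"'
    ' xmlns:dc="http://purl.org/dc/elements/1.1/">'
    '<dc:creator>a.user</dc:creator><dc:title>Board minutes</dc:title>'
    '</cp:coreProperties>'
)


def build_sample_docx() -> bytes:
    """Constructed sample: a minimal DOCX, i.e. a zip container holding XML parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", DOCUMENT_XML)
        zf.writestr("docProps/core.xml", CORE_XML)
    return buf.getvalue()


def extract_xml_parts(docx_bytes: bytes) -> dict:
    """Decompress the container and return {part_name: xml_text} for every XML part."""
    parts = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if name.endswith(".xml"):
                parts[name] = zf.read(name).decode("utf-8")
    return parts


def derive_markers(parts: dict) -> dict:
    """Pick search markers that are specific to this document: the text runs (<w:t>)
    and the creator/title metadata. Boilerplate such as the XML declaration or the
    namespace URIs occurs in every DOCX and would not tie a hit to one document."""
    markers = {}
    for name, xml in parts.items():
        for i, text in enumerate(re.findall(r"<w:t[^>]*>([^<]+)</w:t>", xml)):
            markers[f"{name}#text{i}"] = text
        for tag, value in re.findall(r"<dc:(creator|title)>([^<]+)</dc:\1>", xml):
            markers[f"{name}#{tag}"] = value
    return markers


def scan_dump(dump: bytes, markers: dict) -> dict:
    """Return {marker_name: [(encoding, offset), ...]} for every occurrence in the dump.
    Assumption: each marker is searched as UTF-8 and as UTF-16LE."""
    hits = {}
    for name, text in markers.items():
        for enc in ("utf-8", "utf-16-le"):
            needle = text.encode(enc)
            start = 0
            while (pos := dump.find(needle, start)) != -1:
                hits.setdefault(name, []).append((enc, pos))
                start = pos + 1
    return hits


def build_sample_dump(parts: dict, size: int = 64 * 1024) -> bytes:
    """Constructed memory image: seeded pseudo-random filler with document fragments
    planted at known offsets, standing in for traces left by a viewed document."""
    rng = random.Random(2018)  # fixed seed so offsets and filler are reproducible
    dump = bytearray(rng.getrandbits(8) for _ in range(size))
    planted = [
        (4096, parts["word/document.xml"].encode("utf-8")),   # a whole decompressed part
        (20000, "Draft minutes of the March board meeting".encode("utf-16-le")),
        (40000, "a.user".encode("utf-16-le")),
    ]
    for offset, fragment in planted:
        dump[offset:offset + len(fragment)] = fragment
    return bytes(dump)


def locate_document_traces(docx_bytes: bytes, dump: bytes) -> dict:
    """End-to-end: unpack the document, derive its markers, and scan the image."""
    return scan_dump(dump, derive_markers(extract_xml_parts(docx_bytes)))


def document_seen_in_memory(hits: dict) -> bool:
    """A document counts as present once at least one document-specific marker is found."""
    return any(hits.values())


if __name__ == "__main__":
    sample = build_sample_docx()
    image = build_sample_dump(extract_xml_parts(sample))
    for marker, where in locate_document_traces(sample, image).items():
        print(marker, where)
```

The markers deliberately exclude package boilerplate: a hit on the WordprocessingML namespace string shows that some DOCX was open, while a hit on a text run or the creator field ties the trace to a particular document, which is the evidentiary point the abstract makes. The title marker is not planted in the sample image, so the output also shows that absence of one marker does not contradict the other hits.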


Metadata
Title
Towards the Memory Forensics of MS Word Documents
Authors
Ziad A. Al-Sharif
Hasan Bagci
Toqa’ Abu Zaitoun
Aseel Asad
Copyright year
2018
DOI
https://doi.org/10.1007/978-3-319-54978-1_25
