International Cyber Resilience conference
What are you Looking for: Identification of Remnant Communication Artefacts in Physical Memory
Document Type
Conference Proceeding
Publisher
School of Computer and Information Science, Security Research Centre, Edith Cowan University, Perth, Western Australia
Abstract
Law enforcement has sound methods for investigating and obtaining data about targets that are using traditional communication services such as the Public Switched Telephone Network. The Internet as a data transfer medium is a vastly different paradigm to that of traditional telephony networks. Information about targets using Internet communication technologies cannot be obtained using the same methods used for traditional communication. There has been an identified need for methods to obtain information on targets that have been using Internet communication methods. The acquisition and analysis of physical memory has been proposed as a vector for the recovery of such information. In order to investigate memory analysis and communication technologies, it is necessary to define the types of data that investigators should look for. To this end, the concept of a set of data artefacts has been defined that contains generic data types that are inherent to all Internet based communication applications. To demonstrate the utility of the concept, a case study is presented that applies the artefacts to Skype.
Comments
Originally published in the Proceedings of the 1st International Cyber Resilience Conference, Edith Cowan University, Perth Western Australia, 23rd August 2010