In this paper we discuss how operating system design and implementation influence the methodology for computer forensics investigations, with a focus on forensic acquisition of memory. In theory, the operating system could support such investigations both in terms of tools for analysis of data and by making the system data readily accessible for analysis. Conventional operating systems such as Windows and UNIX derivatives offer some memory-related tools that are geared towards the analysis of system crashes, rather than forensic investigations. In this paper we demonstrate how techniques developed for persistent operating systems, where the lifetime of data is independent of the method of its creation and storage, could support computer forensics investigations, delivering higher efficiency and accuracy. It is proposed that some of the features offered by persistent systems could be built into conventional operating systems to make illicit activities easier to identify and analyse. We further propose a new technique for forensically sound acquisition of memory based on the persistence paradigm.