Accession Number : ADA602889


Title : Windows Memory Forensic Data Visualization


Descriptive Note : Master's thesis


Corporate Author : AIR FORCE INSTITUTE OF TECHNOLOGY WRIGHT-PATTERSON AFB OH GRADUATE SCHOOL OF ENGINEERING AND MANAGEMENT


Personal Author(s) : Baum, James B


Full Text : http://www.dtic.mil/get-tr-doc/pdf?AD=ADA602889


Report Date : 12 Jun 2014


Pagination or Media Count : 101


Abstract : Modern criminal investigators face an increasing number of computer-related crimes that require the application of digital forensic science. The major challenge facing digital forensics practitioners is the complicated task of acquiring an understanding of the digital data residing in electronic devices. Currently, this task requires significant experience and background to correctly aggregate the data their tools provide from the digital artifacts. Most of the tools available present their results in text files or tree lists. It is up to the practitioner to mentally capture a global understanding of the state of the device at the time of seizure and find the items of evidentiary interest. This research focuses on the application of Information Visualization techniques to improve the analysis of digital forensic evidence from Microsoft Windows memory captures. The visualization tool developed in this work presents both global and local views of the evidence based on user interactions with the graphics. The resulting visualizations provide the necessary details for verifying digital artifacts and assist in locating additional items of relevance. This proof-of-concept model can be modified to support various digital forensic target platforms including Mac OS X, Linux, and Android.


Descriptors : *COMPUTER CRIMES, *DIGITAL SYSTEMS, *FORENSIC ANALYSIS, DATA BASES, ELECTRONIC EQUIPMENT, MEMORY DEVICES, THESES


Subject Categories : Sociology and Law


Distribution Statement : APPROVED FOR PUBLIC RELEASE