A Study of Application Level Information From The Volatile Memory of Windows Computer Systems

Olajide, F. 2011. A Study of Application Level Information From The Volatile Memory of Windows Computer Systems. PhD thesis University of Portsmouth

Title: A Study of Application Level Information From The Volatile Memory of Windows Computer Systems
Type: PhD thesis
Authors: Olajide, F.
Abstract

The purpose of this research work was to investigate the seven most commonly used applications in order to uncover information that may have been hidden from forensic investigators, by extracting the application level information from the volatile memory of a Windows system and performing analysis of that volatile memory. The aim of this research was to formulate how the extracted application level information can be reconstructed to describe what user activities had taken place on the application under investigation. After reviewing the relevant literature on volatile memory analysis and forensically relevant data from Windows applications, this thesis confines its research to a study of the application level information and the volatile memory analysis of Windows applications.

Quantitative and qualitative results were produced in this study. The quantitative assessment consists of four metrics that were used to investigate the quantity of user input on the applications, while the qualitative measures were formulated to infer what the user is doing on the application, what they have been doing and what they are using the applications for. The reconstruction of user input activities was carried out by using some commonly used English words to search for user input, and by pattern matching techniques when the user input is known in the investigation.

The analysis of user input was discussed based on four scenarios developed for this research. The results show that different amounts of user input can be recovered from various applications. The result in scenario 1 indicates that user input can be recovered easily from Word, PowerPoint, Outlook Email and Internet Explorer 7.0 and that little user input can be found on Excel, MS Access and Adobe Reader 8.0. In scenario 2, a significant amount of user input was recovered in the memory allocated to all the applications except MS Access, where little user input was found. In scenario 3, only Outlook Email and Internet Explorer 7.0 resulted in a large amount of user input being recovered. The rest of the applications retain little user input in memory. In scenario 4, a greatly reduced amount of information was found for all the applications. However, some user input was found from Outlook Email and Internet Explorer 7.0, which shows that user input can be retained for some time in the memory. After the analysis of user input, the importance of volatile memory of the application level information was discussed.

A procedure has been formalised for the extraction and analysis of application level information, and these have been discussed with respect to their use in the court of law based on the five Daubert tests of scientific method of gathering digital evidence. As presented, three of the Daubert tests have been completed, while the other two form the unique contribution of the research project to the digital forensic community. The author recommends that the research theory of application level information should be extended to other operating systems using the scenarios formulated in this research project.

Year: 2011
Publisher: University of Portsmouth
Publication dates
Published: Sep 2011
Web address (URL): https://pure.port.ac.uk/ws/portalfiles/portal/5949425/23_04_2012_DR._FUNMINIYI_OLAJIDE_PhD_THESIS_CD_DVD.pdf

Related outputs

Security and Privacy Issues in IoT Healthcare Application for Disabled Users in Developing Economies
Assa-Agyei, K., Olajide, F. and Lotfi, A. 2022. Security and Privacy Issues in IoT Healthcare Application for Disabled Users in Developing Economies. Journal of Internet Technology and Secured Transactions (JITST). 10 (1), pp. 770-779. https://doi.org/10.20533/jitst.2046.3723.2022.0095

Towards the Design of an Intelligent Automation Framework for Business Processes
Olajide, F. 2022. Towards the Design of an Intelligent Automation Framework for Business Processes. The 5th International Conference on Information and Computer Technologies (ICICT 2022). New York City, The United States 04 - 06 Mar 2022 IEEE . https://doi.org/10.1109/ICICT55905.2022.00010

A Cost-benefit Analysis of Information Security Mitigation Methods for ORVIs
Street, J. and Olajide, F. 2021. A Cost-benefit Analysis of Information Security Mitigation Methods for ORVIs. Journal of Internet Technology and Secured Transactions (JITST). 9 (1), pp. 747-755. https://doi.org/10.20533/jitst.2046.3723.2021.0092

Using Hyperledger Fabric Blockchain to Maintain the Integrity of Digital Evidence in a Containerised Cloud Ecosystem
Awuson-David, K., Al-Hadhrami, T., Olajide, F. and Lotfi, A. 2020. Using Hyperledger Fabric Blockchain to Maintain the Integrity of Digital Evidence in a Containerised Cloud Ecosystem. 4th International Conference of Reliable Information and Communication Technology 2019 (IRICT 2019). Johor, Malaysia 22 - 23 Sep 2019 Springer. https://doi.org/10.1007/978-3-030-33582-3_79

A technological approach towards the measurement of enterprise agility
Williams, O C. and Olajide, F. 2020. A technological approach towards the measurement of enterprise agility. 15th Iberian Conference on Information Systems and Technologies (CISTI). Seville, Spain 24 - 27 Jun 2020 IEEE . https://doi.org/10.23919/CISTI49556.2020.9141142

Sensor Network in Automated Hand Hygiene Systems Using IoT for Public Building
Olajide, F. 2020. Sensor Network in Automated Hand Hygiene Systems Using IoT for Public Building. 4th International Conference of Reliable Information and Communication Technology 2019 (IRICT 2019). Johor, Malaysia 22 - 23 Sep 2019 Springer. pp. 463–476 https://doi.org/10.1007/978-3-030-33582-3_44

Exploring process of information systems and information technology for enterprise agility
Williams, O., Olajide, F., Al-Hadhrami, T. and Lotfi, A. 2019. Exploring process of information systems and information technology for enterprise agility. 4th International Conference of Reliable Information and Communication Technology 2019 (IRICT 2019). Johor, Malaysia 22 - 23 Sep 2019 Springer. https://doi.org/10.1007/978-3-030-33582-3_98

Forensic Use Case Analysis of User Input in Windows Application
Olajide, F., Al-hadrami, T. and James-Taylor, A. 2018. Forensic Use Case Analysis of User Input in Windows Application. 3rd International Conference of Reliable Information and Communication Technology (IRICT 2018). Kuala Lumpur, Malaysia 23 - 24 Jul 2018 Springer. https://doi.org/10.1007/978-3-319-99007-1_58

Digital Investigation and Forensic User Analysis
Olajide, F., Al-Hadrami, T. and James-Taylor, A. 2018. Digital Investigation and Forensic User Analysis. 3rd International Conference of Reliable Information and Communication Technology (IRICT 2018). Kuala Lumpur, Malaysia 23 - 24 Jul 2018 Springer. https://doi.org/10.1007/978-3-319-99007-1_59

Power aware routing algorithms (PARA) in wireless mesh networks for emergency management
Olajide, F. 2018. Power aware routing algorithms (PARA) in wireless mesh networks for emergency management. PLoS ONE. 13 (10). https://doi.org/10.1371/journal.pone.0204751

Framework Design for Implementation of Secured TPM on E-commerce
Kennedy, C.G., Cho, D., Olajide, F. and John, S. 2017. Framework Design for Implementation of Secured TPM on E-commerce. 12th International Conference on Cyber Warfare and Security ICCWS 2017. Wright State University with the Air Force Institute of Technology, Dayton, USA ACPI.

Network forensics tools in a mixed-network environment and the adoption of e-voting system in developing countries
Olajide, F. 2016. Network forensics tools in a mixed-network environment and the adoption of e-voting system in developing countries. International Journal of Pharmacy and Technology. 8 (4), pp. 23115-23128.

On the investigation of social network analysis for E-commerce transaction in south-west region of Nigeria
Olajide, F., Adeshakin, K., Misra, S. and Ayo, C.K. 2016. On the investigation of social network analysis for E-commerce transaction in south-west region of Nigeria. International Journal of Pharmacy & Technology. 8 (4).

Towards the investigation of using social network analysis for counter terrorism in West Africa: case study of Boko Haram in Nigeria
Olajide, F. and Adeshakin, K. 2016. Towards the investigation of using social network analysis for counter terrorism in West Africa: case study of Boko Haram in Nigeria. Journal of Engineering Science and Technology. 11 (11), pp. 1629 - 1638.

Developing a state of the art methodology & toolkit for ICS SCADA forensics
Olajide, F. 2016. Developing a state of the art methodology & toolkit for ICS SCADA forensics. International Journal of Industrial Control Systems Security. 1 (2), pp. 44-56. https://doi.org/10.20533/ijicss.9781.9083.20346.2016.0005

Realtime fraud detection in the banking sector using data mining techniques/algorithm
Olajide, F. 2016. Realtime fraud detection in the banking sector using data mining techniques/algorithm. 2016 International Conference on Computational Science and Computational Intelligence (CSCI). Las Vegas, NV 15 - 16 Dec 2016 IEEE . https://doi.org/10.1109/CSCI.2016.0224

Sequences of numbers obtained by digit and iterative digit sums of Sophie Germain primes and its variants
Olajide, F. 2016. Sequences of numbers obtained by digit and iterative digit sums of Sophie Germain primes and its variants. Global Journal of Pure and Applied Mathematics. 12 (2), pp. 1473-1480.

Implementation of the enhanced fingerprint authentication in the ATM system using ATmega128
Olajide, F. 2016. Implementation of the enhanced fingerprint authentication in the ATM system using ATmega128. International Conference on Security and Management (SAM). Las Vegas, USA 25 - 28 Jul 2016 The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp).

Forensic Live Response: Why an Object May be Evidence in the Court of Law?
Olajide, F. 2015. Forensic Live Response: Why an Object May be Evidence in the Court of Law? International Conference on Cyberspace Governance: The Imperative for National and Economic Security (CyberAbuja2015). Abuja 04 - 07 Nov 2015 IEEE .

On some suggested applications of sudoku in information systems security
Olajide, F. 2015. On some suggested applications of sudoku in information systems security. Asian Journal of Information Technology. 14 (4), pp. 117 - 121. https://doi.org/10.36478/ajit.2015.117.121

FALI: Time Memory Information of Windows Computer Systems
Olajide, F. 2013. FALI: Time Memory Information of Windows Computer Systems. International Journal of Intelligent Computing Research. 4 (4).

On the Analysis of Information Found on Windows Application Memory
Olajide, F., Savage, N., Akmayeva, G. and Shoniregun, C.A. 2013. On the Analysis of Information Found on Windows Application Memory. International Journal of Intelligent Computing Research. 4 (2). https://doi.org/10.20533/ijicr.2042.4655.2013.0042

On the Identification of Information Extracted from Windows Physical Memory
Olajide, F. and Savage, N. 2012. On the Identification of Information Extracted from Windows Physical Memory. International Journal for Information Security Research (IJISR). 2 (3), pp. 164-168. https://doi.org/10.20533/ijisr.2042.4639.2012.0020

Extracting Forensically Relevant Information From Windows Applications
Olajide, F., Savage, N., Akmayeva, G. and Shoniregun, C. 2012. Extracting Forensically Relevant Information From Windows Applications. 2012 International Conference on Information Society (i-Society). London, United Kingdom 25 - 28 Jun 2018 IEEE .

Extracting forensically relevant information from windows application
Olajide, F., Savage, N., Akmayeva, G. and Shoniregun, C. 2012. Extracting forensically relevant information from windows application. International Conference on Information Society. London, UK 27 - 29 Jun 2011 IEEE .

Forensic memory evidence of windows application
Olajide, F., Savage, N., Akmayeva, G. and Trafford, R. 2012. Forensic memory evidence of windows application. 2012 International Conference for Internet Technology and Secured Transactions. London, UK 10 - 12 Dec 2012 IEEE .

Digital forensic research—The analysis of user input on volatile memory of Windows application
Olajide, F., Savage, N., Akmayeva, G. and Shoniregun, C. 2012. Digital forensic research—The analysis of user input on volatile memory of Windows application. World Congress on Internet Security (WorldCIS-2012). Guelph, ON, Canada 10 - 12 Jun 2012 IEEE .

Digital Forensic Research and Method of Extracting Relevant Information From Physical Memory Of Windows Systems
Olajide, F. 2011. Digital Forensic Research and Method of Extracting Relevant Information From Physical Memory Of Windows Systems. Fourth International Conference on Internet Technologies and Applications (ITA 11). Glyndwr University, North Wales, UK 06 - 09 Sep 2011

Dispersal of time aspect of information stored on physical memory
Olajide, F. and Savage, N. 2011. Dispersal of time aspect of information stored on physical memory. Cyberforensics 2011 - International conference on cybercrime, security and digital forensics. Glasgow, UK 27 - 28 Jun 2018

Extraction of user information by pattern matching techniques in windows physical memory
Olajide, F. and Savage, N. 2011. Extraction of user information by pattern matching techniques in windows physical memory. Digital Enterprise and Information Systems International Conference, DEIS 2011. London, UK 20 - 22 Jul 2011 Springer. https://doi.org/10.1007/978-3-642-22603-8_40

Forensic extraction of user information in continuous block of evidence
Olajide, F. 2011. Forensic extraction of user information in continuous block of evidence. International Conference on Information Society. London, UK 27 - 29 Jun 2011 IEEE . https://doi.org/10.1109/i-Society18435.2011.5978501

On the extraction of forensically relevant information from physical memory
Olajide, F. 2011. On the extraction of forensically relevant information from physical memory. 2011 World Congress on Internet Security. London, UK 21 - 23 Feb 2011 IEEE . https://doi.org/10.1109/WorldCIS17046.2011.5749861

Application Level Evidence and Event Reconstruction
Olajide, F. 2010. Application Level Evidence and Event Reconstruction. Journal of Computing in Systems & Engineering. 10, pp. 171-175.

Application level evidence from volatile memory
Olajide, F. and Savage, N. 2009. Application level evidence from volatile memory. Journal of Computing in Systems and Engineering. 10, pp. 171-175.

Forensic live response and event reconstruction methods in Linux systems
Olajide, F. 2009. Forensic live response and event reconstruction methods in Linux systems. 10th Annual PostGraduate Symposium on The Convergence of Telecommunications, Networking and Broadcasting. 10th Annual PostGraduate Symposium on The Convergence of Telecommunications, Networking and Broadcasting

Permalink - https://westminsterresearch.westminster.ac.uk/item/w464q/a-study-of-application-level-information-from-the-volatile-memory-of-windows-computer-systems
