Forensic Analysis of Communication Records of Web-based Messaging Applications from Physical Memory
Diogo Barradas, Tiago Brito, David Duarte, Nuno Santos, Luís Rodrigues
2017
Abstract
Inspection of physical memory allows digital investigators to retrieve evidence otherwise inaccessible when analyzing other storage media. In this paper, we analyze in-memory communication records produced by web-based instant messaging and email applications. Our results show that, in spite of the heterogeneity of data formats specific to each application, communication records can be represented in a common application-independent format. This format can then be used as a common representation to allow for general analysis of digital artifacts across various applications, even when executed in different browsers. Then, we introduce RAMAS, an extensible forensic tool which aims to ease the process of analyzing communication records left behind in physical memory by instant-messaging and email web clients.
DownloadPaper Citation
in Harvard Style
Barradas D., Brito T., Duarte D., Santos N. and Rodrigues L. (2017). Forensic Analysis of Communication Records of Web-based Messaging Applications from Physical Memory . In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017) ISBN 978-989-758-259-2, pages 43-54. DOI: 10.5220/0006396100430054
in Bibtex Style
@conference{secrypt17,
author={Diogo Barradas and Tiago Brito and David Duarte and Nuno Santos and Luís Rodrigues},
title={Forensic Analysis of Communication Records of Web-based Messaging Applications from Physical Memory},
booktitle={Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017)},
year={2017},
pages={43-54},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006396100430054},
isbn={978-989-758-259-2},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017)
TI - Forensic Analysis of Communication Records of Web-based Messaging Applications from Physical Memory
SN - 978-989-758-259-2
AU - Barradas D.
AU - Brito T.
AU - Duarte D.
AU - Santos N.
AU - Rodrigues L.
PY - 2017
SP - 43
EP - 54
DO - 10.5220/0006396100430054