Forensic Analysis of Communication Records of Web-based Messaging Applications from Physical Memory

Diogo Barradas, Tiago Brito, David Duarte, Nuno Santos, Luís Rodrigues

2017

Abstract

Inspection of physical memory allows digital investigators to retrieve evidence otherwise inaccessible when analyzing other storage media. In this paper, we analyze in-memory communication records produced by web-based instant messaging and email applications. Our results show that, in spite of the heterogeneity of data formats specific to each application, communication records can be represented in a common application-independent format. This format can then be used as a common representation to allow for general analysis of digital artifacts across various applications, even when executed in different browsers. Then, we introduce RAMAS, an extensible forensic tool which aims to ease the process of analyzing communication records left behind in physical memory by instant-messaging and email web clients.

Download


Paper Citation


in Harvard Style

Barradas D., Brito T., Duarte D., Santos N. and Rodrigues L. (2017). Forensic Analysis of Communication Records of Web-based Messaging Applications from Physical Memory . In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017) ISBN 978-989-758-259-2, pages 43-54. DOI: 10.5220/0006396100430054


in Bibtex Style

@conference{secrypt17,
author={Diogo Barradas and Tiago Brito and David Duarte and Nuno Santos and Luís Rodrigues},
title={Forensic Analysis of Communication Records of Web-based Messaging Applications from Physical Memory},
booktitle={Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017)},
year={2017},
pages={43-54},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006396100430054},
isbn={978-989-758-259-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017)
TI - Forensic Analysis of Communication Records of Web-based Messaging Applications from Physical Memory
SN - 978-989-758-259-2
AU - Barradas D.
AU - Brito T.
AU - Duarte D.
AU - Santos N.
AU - Rodrigues L.
PY - 2017
SP - 43
EP - 54
DO - 10.5220/0006396100430054