What are you looking for: identification of remnant communication artefacts in physical memory! Conference Paper uri icon

abstract

  • Law enforcement has sound methods for investigating and obtaining data about targets that are using traditional communication services such as the Public Switched Telephone Network. The Internet as a data transfer medium is a vastly different paradigm to that of traditional telephony networks. Information about targets using Internet communication technologies cannot be obtained using the same methods used for traditional communication. There has been an identified need for methods to obtain information on targets that have been using Internet communication methods. The acquisition and analysis of physical memory has been proposed as a vector for the recovery of such information. In order to investigate memory analysis and communication technologies, it is necessary to define the types of data that investigators should look for. To this end, the concept of a set of data artefacts has been defined that contains generic data types that are inherent to all Internet based communication applications. To demonstrate the utility of the concept, a case study is presented that applies the artefacts to Skype.

publication date

  • 2010