Research Article

Recovering Multimedia Files from a Memory Image

Year 2018, Volume: 21 Issue: 3, 731 - 737, 01.09.2018
https://doi.org/10.2339/politeknik.417767

Abstract

The widespread use of digital technologies increases the size of data stored in digital media. The increased amount of stored data also brings data security risks. One of the most important risks in personal data security is unauthorized or accidental data deletion. File recovery and carving software exists for recovering deleted files from storage devices. Files must be loaded into RAM to be used in the operating system, and the memory manager keeps them in RAM for a certain amount of time. Therefore, a file opened or deleted by the user in the operating system can be found in RAM. File carving techniques must be applied to RAM to access these files.

This study compares the file carving and performance values of multimedia files carved from a RAM image by file carving software using different signature structures. Carving was performed with the header and footer signatures of the used and terminated multimedia files (JPG, PNG, GIF, BMP) on the Windows 10 operating system. In the carving process, file carving durations and carving success rates were extracted using different signature structures of the same file type. In light of these results, the performance data of the multimedia file types are evaluated according to the signature structures used. The RAM image retrieval and file carving software used in the study was developed by us as part of the Ph.D. project.
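An added illustration of header/footer signature carving as described in the abstract (not the authors' software), showing how two signature structures for the same file type give different hit counts. It uses the publicly documented magic numbers for JPG, PNG and GIF, a constructed buffer in place of a RAM image, and hypothetical names `SIGNATURES`, `carve`, `sample_image` and `compare`; BMP is left out because it has no footer signature and is sized from the length field in its header.

```python
import re

# Well-known magic numbers (header regex, footer bytes). The paper's own
# signature tables are not on this page, so these are assumptions.
SIGNATURES = {
    "jpg-generic": (re.compile(rb"\xff\xd8\xff"), b"\xff\xd9"),
    "jpg-jfif": (re.compile(rb"\xff\xd8\xff\xe0..JFIF\x00", re.S), b"\xff\xd9"),
    "png": (re.compile(rb"\x89PNG\r\n\x1a\n"), b"IEND\xaeB`\x82"),
    "gif": (re.compile(rb"GIF8[79]a"), b"\x00\x3b"),  # short footer: noisy on real dumps
}

def carve(image: bytes, kind: str, max_size: int = 1 << 20):
    """Return [(offset, data)] for each header of `kind` with a footer within max_size."""
    header, footer = SIGNATURES[kind]
    found = []
    for m in header.finditer(image):
        end = image.find(footer, m.end(), m.start() + max_size)
        if end != -1:  # no footer in range: the page was reused or never resident
            found.append((m.start(), image[m.start():end + len(footer)]))
    return found

def sample_image() -> bytes:
    """Constructed stand-in for a RAM dump: zero pages with tiny fake files embedded."""
    jfif = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"A" * 40 + b"\xff\xd9"
    exif = b"\xff\xd8\xff\xe1\x00\x10Exif\x00\x00" + b"B" * 40 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"C" * 40 + b"IEND\xaeB`\x82"
    gif = b"GIF89a" + b"D" * 40 + b"\x00\x3b"
    torn = b"\x89PNG\r\n\x1a\n" + b"E" * 40  # header only, footer overwritten
    pad = b"\x00" * 4096
    return pad + jfif + pad + exif + pad + png + pad + gif + pad + torn + pad

def compare(image: bytes) -> dict:
    """Carved-file count per signature structure."""
    return {kind: len(carve(image, kind)) for kind in SIGNATURES}

if __name__ == "__main__":
    for kind, n in compare(sample_image()).items():
        print(f"{kind:12s} carved={n}")
```

The JFIF-specific signature misses the Exif JPEG that the generic three-byte header finds, and the PNG whose footer was overwritten is not carved at all.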


Details

Primary Language English
Subjects Engineering
Section Research Article
Authors

Ahmet Ali Süzen

Kubilay Taşdelen

Publication Date September 1, 2018
Submission Date February 19, 2018
Published in Issue Year 2018 Volume: 21 Issue: 3

Cite

APA Süzen, A. A., & Taşdelen, K. (2018). Recovering Multimedia Files from a Memory Image. Politeknik Dergisi, 21(3), 731-737. https://doi.org/10.2339/politeknik.417767
AMA Süzen AA, Taşdelen K. Recovering Multimedia Files from a Memory Image. Politeknik Dergisi. September 2018;21(3):731-737. doi:10.2339/politeknik.417767
Chicago Süzen, Ahmet Ali, and Kubilay Taşdelen. “Recovering Multimedia Files from a Memory Image”. Politeknik Dergisi 21, no. 3 (September 2018): 731-37. https://doi.org/10.2339/politeknik.417767.
EndNote Süzen AA, Taşdelen K (01 September 2018) Recovering Multimedia Files from a Memory Image. Politeknik Dergisi 21 3 731–737.
IEEE A. A. Süzen and K. Taşdelen, “Recovering Multimedia Files from a Memory Image”, Politeknik Dergisi, vol. 21, no. 3, pp. 731–737, 2018, doi: 10.2339/politeknik.417767.
ISNAD Süzen, Ahmet Ali - Taşdelen, Kubilay. “Recovering Multimedia Files from a Memory Image”. Politeknik Dergisi 21/3 (September 2018), 731-737. https://doi.org/10.2339/politeknik.417767.
JAMA Süzen AA, Taşdelen K. Recovering Multimedia Files from a Memory Image. Politeknik Dergisi. 2018;21:731–737.
MLA Süzen, Ahmet Ali and Kubilay Taşdelen. “Recovering Multimedia Files from a Memory Image”. Politeknik Dergisi, vol. 21, no. 3, 2018, pp. 731-7, doi:10.2339/politeknik.417767.
Vancouver Süzen AA, Taşdelen K. Recovering Multimedia Files from a Memory Image. Politeknik Dergisi. 2018;21(3):731-7.
 

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International license.