Gesellschaft fr Informatik e.V.

Lecture Notes in Informatics


INFORMATIK 2009 - Im Focus das Leben P-154, 1619-1633 (2008).

Gesellschaft für Informatik, Bonn
2008


Editors

Stefan Fischer, Erik Maehle, Rüdiger Reischuk (eds.)


Copyright © Gesellschaft für Informatik, Bonn

Contents

Video surveillance: A new forensic model for the forensically sound retrival of picture content off a memory dump

Stefan Kiltz , Tobias Hoppe , Jana Dittmann and Claus Vielhauer

Abstract


Based on aspects of our previous work presented in [KHD09], in this paper we give an extended guideline about how to forensically acquire, locate and extract graphics content within memory dumps of Windows-based systems. This includes the assurance of integrity and authenticity of evidence gathered this way using cryptographic mechanisms. The advantage of our proposed approach we see in handing the initiation of data gathering process over to the operator of an IT-system whilst still allowing for a forensic sound investigation. With our approach the picture content is effectively tied to the application and the IT-system that runs it, ruling out most claims of manipulation of the resulting picture. The subsequent investigation is shown together with a first proposal to identify picture regions automatically.


Full Text: PDF

Gesellschaft für Informatik, Bonn
ISBN 978-3-88579-241-3


Last changed 24.01.2012 22:09:03