Recovery of Skype application activity data from physical memory
Files
(Published version)
Date
2010
Authors
Simon, M.
Slay, J.
Editors
Advisors
Journal Title
Journal ISSN
Volume Title
Type:
Conference paper
Citation
Proceedings of the Fifth International Conference on Availability, Reliability and Security ARES 2010, 2010, pp.283-288
Statement of Responsibility
Conference Name
2010 International Conference on Availability, Reliability and Security ARES 2010 (15 Feb 2010 - 18 Feb 2010 : Krakow, Poland)
Abstract
The use of Internet based communication technologies has become more prevalent in recent years. Technologies such as Skype provide a highly secure and decentralised method of communication. These technologies may also leave little evidence on static media causing conventional digital forensic processes to be ineffective. This research looks at exploiting physical memory to recover evidence from Internet based communication technologies where conventional methods cannot. The paper first proposes a set of generic target artefacts that defines information that may be targeted for recovery and the meaning that can be inferred from this. A controlled test was then undertaken where Skype was executed and the memory from the target machine collected. The analysis showed that it is feasible to recover the target data as applied to Skype, which would not be otherwise available. As this is the first set of tests of a series, the future direction is also discussed. © 2010 IEEE.
School/Discipline
Dissertation Note
Provenance
Description
Access Status
Rights
Copyright 2010 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.