{"title":"Research on Extracting System Logged-In Password Forensically from Windows Memory Image File","authors":"Lijuan Xu, Lianhai Wang","doi":"10.1109/CIS.2013.156","DOIUrl":null,"url":null,"abstract":"Forensics analysis of physical memory is a key point in computer living forensics. Most of the research carried out focusing on enumerating processes and threads by accessing memory resident objects. However, collecting case sensitive information from the extracted memory content is import and difficult in computer forensics. Password plaintext is one of the most concerning sensitive information to an investigator. The traditional methods to extract system logged in password plaintext mainly rely on cracker tools, whose success rate depend on the password complexity. The important contribution of the paper is a new technique for extracting system logged-in password plaintext from physical memory. It allows extracting arbitrary length system logged-in password plaintext. The proposed method can extract system logged-in password plaintext of Windows XP and Windows 7.","PeriodicalId":294223,"journal":{"name":"2013 Ninth International Conference on Computational Intelligence and Security","volume":"107 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 Ninth International Conference on Computational Intelligence and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CIS.2013.156","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 7
Abstract
Forensic analysis of physical memory is a key point in live computer forensics. Most research carried out so far has focused on enumerating processes and threads by accessing memory-resident objects. However, collecting case sensitive information from the extracted memory content is important and difficult in computer forensics. Password plaintext is among the sensitive information of most concern to an investigator. The traditional methods of extracting the system logged-in password plaintext rely mainly on cracker tools, whose success rate depends on the password complexity. The important contribution of the paper is a new technique for extracting the system logged-in password plaintext from physical memory. It allows extracting system logged-in password plaintext of arbitrary length. The proposed method can extract the system logged-in password plaintext of Windows XP and Windows 7.