Video surveillance: The forensically sound retrieval and investigation of picture content off a memory dump

Based on aspects of our previous work presented in [KHD09], in this paper we give an extended guideline on how to forensically acquire, locate and extract graphics content within memory dumps of Windows-based systems. This includes assuring the integrity and authenticity of the evidence gathered this way using cryptographic mechanisms. We see the advantage of our proposed approach in handing the initiation of the data gathering process over to the operator of an IT system whilst still allowing for a forensically sound investigation. With our approach, the picture content is effectively tied to the application and the IT system that runs it, ruling out most claims of manipulation of the resulting picture. The subsequent investigation is shown together with a first proposal to identify picture regions automatically.