ISSN : 1796-203X
Volume : 4    Issue : 1    Date : January 2009

Collecting Sensitive Information from Windows Physical Memory
Qian Zhao and Tianjie Cao
Page(s): 3-10
Full Text:
PDF (401 KB)

When investigators are faced with a target system, they want to find sensitive information such as
userID and password. Unfortunately, sensitive information can not be found on the hard drive in
most cases. Consequently, sensitive information needs to be gathered from physical memory. In
our research, we have found lots of sensitive information from physical memory by different
techniques. Besides userID and password, we also have found QQ-chat logs that never have been
referred in other papers.

Index Terms
memory forensics, sensitive information, live system