Project ID: 396
Author: Arun Kumar Ankam
Project Title: Implementation of a Windows Tool to Conduct Live Forensics Acquisition in Windows Systems
Semester: 2 2012
Committee Chair: Dr. Mario Garcia
Committee Member 1: Dr. Long-zhuang Li
Committee Member 2: Dr. David Thomas
Project Description: Forensics is the science of investigative study of data or information collected from the surroundings of a crime scene. Computer forensics deals with computer-related crimes such as hacking, spoofing, phishing, etc. Traditional forensics investigates the system in its dead state: the system is disconnected, brought to a forensics lab, and investigative analysis is performed on its data. This is very safe, because the frozen system cannot act on anything, which provides an ideal setup for investigation. However, once the power cord is pulled, the live data is lost forever. Live data is of prime importance because it contains the running processes, memory usage, open ports, communications in progress, objects being altered, malicious code in execution, information strings passed over the network, system passwords, and many other valuable pieces of information that can count as vital evidence. Hence, live forensics is the methodology for extracting all of this live information from the compromised machine. To perform the live acquisition without contaminating the data, a forensic expert is generally preferred; however, a forensic expert may not be available at all times. In this project, a new tool compatible with the Windows 7 operating system is implemented that automates the process of carrying out the live forensics acquisition.
