Semester of Graduation
Master of Science in Computer Science (MSCS)
A branch of cyber security known as memory forensics focuses on extracting meaningful evidence from system memory. This analysis is often referred to as volatile memory analysis, and is generally performed on memory captures acquired from target systems. Inside of a memory capture is the complete state of a system under investigation, including the contents of currently running as well as previously executed applications. Analysis of this data can reveal a significant amount of activity that occurred on a system since the last reboot. For this research, the Windows operating system is targeted. In particular, the graphical user interface component that includes the taskbar, start menu and notification system will be examined for possible forensic artifacts. The techniques presented in this research are valuable to a forensic investigator trying to find evidence. They are also useful for penetration testers trying to determine if a tool has left any evidence behind for investigators to find.
The research described in this thesis led to development of a scanning technique that served as the basis for a Volatility plugin that automates finding GUI related artifacts. To support this research, a lab consisting of three virtual machines (VM) was created using VMware. Two Windows 10 virtual machines were created for generating artifacts and one Linux was created for scanning the Windows machines. These machines were connected to a live router briefly for gathering network information.
This these explores the strengths and limitations of this searching discovered during research. Lastly, future applications of this research are covered.
Wilson, Edward X. Mr., "Finding Forensic Evidence In the Operating System's Graphical User Interface" (2023). LSU Master's Theses. 5701.
Dr. Golden Richard III
Criminology Commons, Criminology and Criminal Justice Commons, Graphics and Human Computer Interfaces Commons, Human Factors Psychology Commons, Information Security Commons, OS and Networks Commons, Science and Technology Studies Commons, Social Control, Law, Crime, and Deviance Commons, Social Justice Commons, Technology and Innovation Commons