Forensic Investigation and Analysis of User Input Information in Business Application


  • Department of Computer and Information Sciences, Covenant University, Ota, Nigeria


Objectives: This paper investigates the amount of user input that can be recovered from the volatile memory of Windows computer systems while an application is still running. Additionally, an investigation into temporal and functional analysis and event reconstruction of user input activities in business applications is discussed and reported.

Methods/Analysis: Forensically relevant user information is suitable for evidentiary purposes. Therefore, a qualitative assessment of user input in commonly used Windows-based applications is presented.

Findings: In this research, detailed emphasis has been laid on the quality of evidence recovered from the allocated line numbers of the application memory. This approach describes the process of securing digital evidence for investigators. The research uncovers the process of analysing the forensically relevant data recovered from Windows applications. The investigation comprises the following: dumping of memory, data extraction, strings evidence strings conversion, result finding of the evidence, and reconstructing the extracted evidence of user information.

Applications/Improvement: This research focuses on digital forensic investigation of digital images captured and the memory analysis of user information when using some very popular Windows-based applications. It is intended that this may become part of forensic analysis in digital investigations.


Keywords: Application, Forensic, Fraud Information, Investigation, User-Input.

This work is licensed under a Creative Commons Attribution 3.0 License.