Notifications

Clear all

extracting data from the application level?

General (Technical, Procedural, Software, Hardware etc.)

Last Post by keydet89 16 years ago

4 Posts

3 Users

0 Reactions

395 Views

RSS

DingDangDoo

(@dingdangdoo)

New Member

Joined: 18 years ago

Posts: 4

Topic starter 28/01/2010 4:58 pm

Hi are there any ways of extracting data from the application level based on a forensic point of view? Much seems to involve low level data and a knowledge of assembly and C++?

Any info appreciated,thanks…

Quote

mscotgrove

(@mscotgrove)

Prominent Member

Joined: 17 years ago

Posts: 940

28/01/2010 5:41 pm

Can you give more details, or an example of what you want to achieve

ReplyQuote

DingDangDoo

(@dingdangdoo)

New Member

Joined: 18 years ago

Posts: 4

Topic starter 28/01/2010 11:20 pm

just really puting it out there unsure of what exactly my approach would be,cant find any literature on it. I guess the types of applications that were in use before the system was compromised etc,is this any clearer? )

ReplyQuote

keydet89

(@keydet89)

Famed Member

Joined: 21 years ago

Posts: 3568

29/01/2010 1:04 am

I'm still unclear as to what you mean by 'application level'. Getting what applications were on the system is trivial from a disk analysis perspective…getting which ones were in use at the time of acquisition is similarly trivial from a memory analysis perspective.

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
263 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed