Instant messaging software is typically installed in a Microsoft Windows-based computer. Forensic procedures provide evidence for legal purposes after such software is used. Web-based instant messaging leaves no chat messages on the hard disk but some may be dumped into memory, the paging file and unallocated hard disk space. The targets in this paper are the software "Skype" and the web version of "Facebook Messenger" in Windows operating system. Proposed memory forensic technology is used to collect key evidence of communication records and the stepwise process demonstrated. The user’s login username, password, contact list, and conversation records are obtained for the purposes of reconstructing a crime.
為了持續優化網站功能與使用者體驗,本網站將Cookies分析技術用於網站營運、分析和個人化服務之目的。
若您繼續瀏覽本網站,即表示您同意本網站使用Cookies。