TY - JFULL
AU - Khairul Akram Zainol Ariffin and Ahmad Kamil Mahmood and Jafreezal Jaafar and Solahuddin Shamsuddin
PY - 2012/11/
TI - Hybrid Approach for Memory Analysis in Windows System
T2 - International Journal of Computer and Information Engineering
SP - 1238
EP - 1247
VL - 6
SN - 1307-6892
UR - https://publications.waset.org/pdf/10632
PU - World Academy of Science, Engineering and Technology
NX - Open Science Index 70, 2012
N2 - Random Access Memory (RAM) is an important device in a computer system. It can represent a snapshot of how the computer has been used by the user. With the growth of its importance, computer memory has become an issue discussed in digital forensics. A number of tools have been developed to retrieve information from memory. However, most of the tools have limitations in their ability to retrieve important information from computer memory. Hence, this paper aims to discuss the limitations and setbacks of two main techniques, process signature search and process enumeration. Then, a new hybrid approach will be presented to minimize the setbacks of both individual techniques. This new approach combines both techniques with the purpose of retrieving information from the process block and other objects in computer memory. Nevertheless, the basic theory of address translation for x86 platforms will be demonstrated in this paper.
ER -