Abstract— The use of Internet based communication
technologies has become more prevalent in recent years.
Technologies such as Skype provide a highly secure and
decentralised method of communication. These technologies
may also leave little evidence on static media causing
conventional digital forensic processes to be ineffective. This
research looks at exploiting physical memory to recover
evidence from Internet based communication technologies
where conventional methods cannot. The paper first proposes
a set of generic target artefacts that defines information that
may be targeted for recovery and the meaning that can be
inferred from this. A controlled test was then undertaken
where Skype was executed and the memory from the target
machine collected. The analysis showed that it is feasible to
recover the target data as applied to Skype, which would not
be otherwise available. As this is the first set of tests of a series,
the future direction is also discussed.
Index Terms— Computer forensics, Digital evidence, Digital
investigation, Electronic evidence, RAM forensics, Volatile
memory forensics.