What Is Volatile Memory Investigation
The success of the digital investigation is dependent on the availability and maintaining the quality of the data being collected. Because the digital evidence that is collected must be presented in its original form to the court for the proof against the crime. In this project one of the methods of digital forensic investigation is discussed which is memory imaging analysis. The analysis of volatile memory image is chosen over the Live Response approach of investigation. The advantage of the investigation method used in this project offers the efficient and easy use of forensics tools that are based command line approach,by introducing them under common GUI framework. The GUI based tool runs commands at the back end which offers the automation
…show more content…
Today solving any cyber crime put up new challenges for a digital forensics investigator.[5] Digital forensics is the process of uncovering and interpreting an electronic data. The goal of investigation is to preserve the evidence that is obtained during an investigation process. This evidence is termed as a digital evidence which must be preserved to reconstruct the past events. The analysis of volatile memory plays a very significant role in a process of digital investigation process. The volatile memory contains many important artifacts which can be used in forensic investigation process. The information may …show more content…
Volatile memory analysis using a Live Response method helps to collect all relevant evidences from a system. These evidences can be used to prove any incident occurred that might have compromised a system resulting into a cyber crime.[2] Another method to analyze a volatile memory is to perform memory image analysis. The analysis of a volatile memory is performed by capturing an image of RAM known as memory dump.Digital Forensics investigator make use of forensics tools in an investigation process, which are present in commercial and open domains. Depending upon the requirement of analysis, forensic toolkits are categorized like file system and data analysis tools, memory analysis tools, disk analysis tools, registry analysis tools, Internet analysis tools and many more analysis tools. The commonly used toolkits for analyzing file systems are Encase,FTK,X-Ways,Nuix,Sleuthkit,DFF,Snorkeland LibForensics. Of these tools,Encase, FTK and X-Ways are commercial toolkits while Sleuthkit, DFF and LibForensics are in open domain. To extract the malicious processes out of the genuine processes from memory image, the file signature scanner tool known as YARA tool can be used. The YARA is an open source tool designed to help malware researcher to identify and classify malware samples. It uses the efficient pattern-matching rules.YARA supports the use of three different types of strings
Today solving any cyber crime put up new challenges for a digital forensics investigator.[5] Digital forensics is the process of uncovering and interpreting an electronic data. The goal of investigation is to preserve the evidence that is obtained during an investigation process. This evidence is termed as a digital evidence which must be preserved to reconstruct the past events. The analysis of volatile memory plays a very significant role in a process of digital investigation process. The volatile memory contains many important artifacts which can be used in forensic investigation process. The information may …show more content…
Volatile memory analysis using a Live Response method helps to collect all relevant evidences from a system. These evidences can be used to prove any incident occurred that might have compromised a system resulting into a cyber crime.[2] Another method to analyze a volatile memory is to perform memory image analysis. The analysis of a volatile memory is performed by capturing an image of RAM known as memory dump.Digital Forensics investigator make use of forensics tools in an investigation process, which are present in commercial and open domains. Depending upon the requirement of analysis, forensic toolkits are categorized like file system and data analysis tools, memory analysis tools, disk analysis tools, registry analysis tools, Internet analysis tools and many more analysis tools. The commonly used toolkits for analyzing file systems are Encase,FTK,X-Ways,Nuix,Sleuthkit,DFF,Snorkeland LibForensics. Of these tools,Encase, FTK and X-Ways are commercial toolkits while Sleuthkit, DFF and LibForensics are in open domain. To extract the malicious processes out of the genuine processes from memory image, the file signature scanner tool known as YARA tool can be used. The YARA is an open source tool designed to help malware researcher to identify and classify malware samples. It uses the efficient pattern-matching rules.YARA supports the use of three different types of strings