MEMORY FORENSIC: ACQUISITION AND ANALYSIS OF MEMORY AND ITS TOOLS COMPARISON

  • Mital Parekh
  • Snehal Jani
Keywords: Memory Forensic, Digital Forensics, Volatile Memory, Memory Forensic Tools

Abstract

Advances in technology have brought a considerable growth in the number of cyber-crime cases and pose an enormous challenge to tackling them effectively. Various cyber-forensic techniques and tools are used to recover data from devices in order to investigate cyber-crime. The present paper focuses on memory forensics: the analysis of volatile memory, which holds many pieces of information relevant to an investigation, such as usernames, passwords, cryptographic keys, deleted files, deleted logs and running processes, that can help to investigate a cyber-crime and pin down the accused. Memory forensics proceeds in three main steps: acquisition, analysis and recovery. Recovering evidence of a crime from volatile memory is possible with knowledge of the different tools and techniques used in memory forensics. However, volatile memory is always difficult to analyse, because its contents persist only for a short period: they are lost when power is removed and change continuously while the system runs. Not every tool can be used for memory forensics in every situation, so it is important to understand the tools before applying them to a particular case. No single tool has yet been established as sufficient for a complete investigation; however, most of the tools in use succeed in providing reasonable evidence. The present paper gives an insight into analysing the memory that stores relevant data, collecting evidence from the device(s), extracting essential data with different memory-forensics tools, the purposes for which each tool is useful, and the tool best suited to a particular situation.
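The three steps the abstract names (acquisition, analysis, recovery) in minimal executable form, as an added example that is not part of the paper and is not the output of any tool it compares: it hashes a constructed in-memory "image", carves ASCII and UTF-16 strings, matches them against assumed credential, URL and process-name patterns, flags high-entropy windows as key-material candidates, and exports the hits as report lines. The sample image bytes, the regular expressions and the entropy threshold are all constructed for this illustration.

```python
"""Added illustration of acquire / analyse / recover over a constructed memory
image. Not the paper's method and not any real tool's output; every pattern and
the sample bytes below are assumptions made for the example."""
import hashlib
import math
import re
from collections import Counter

# Constructed sample image: zero-filled pages with a few artefacts embedded.
SAMPLE_IMAGE = (
    b"\x00" * 64
    + b"username=alice&password=Winter2018!"                      # HTTP POST body left in a buffer
    + b"\x00" * 32
    + "https://intranet.example.test/login".encode("utf-16-le")  # UTF-16 URL from a GUI process
    + b"\x00" * 32
    + b"smss.exe\x00csrss.exe\x00notepad.exe\x00"                  # NUL-separated image names
    + bytes(range(256))                                          # uniform bytes: looks like key material
    + b"\x00" * 64
)


def acquire(image: bytes) -> dict:
    """Step 1: acquisition. A real capture comes from a tool or driver; once the
    bytes are in hand the job is to fix them: size plus a hash, so that later
    analysis can be shown to have run on an unmodified copy."""
    return {"size": len(image), "sha256": hashlib.sha256(image).hexdigest()}


ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")           # printable ASCII, 6+ chars
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")   # printable UTF-16LE, 6+ chars


def carve_strings(image: bytes):
    """Yield (offset, bytes_per_char, text) for every printable run."""
    for m in ASCII_RUN.finditer(image):
        yield m.start(), 1, m.group().decode("ascii")
    for m in UTF16_RUN.finditer(image):
        yield m.start(), 2, m.group().decode("utf-16-le")


# Illustrative artefact patterns (assumed for this example).
ARTEFACT_PATTERNS = {
    "credential": re.compile(r"(?:user(?:name)?|login)=[^&\s]+&pass(?:word|wd)?=[^&\s]+", re.I),
    "url": re.compile(r"https?://[\w.-]+(?::\d+)?(?:/[^\s\"'<>]*)?"),
    "process": re.compile(r"\b[\w-]+\.exe\b", re.I),
}


def shannon_entropy(chunk: bytes) -> float:
    """Bits per byte; 8.0 means every byte value is equally frequent."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def find_key_candidates(image: bytes, window: int = 256, threshold: float = 7.5) -> list:
    """Flag fixed-size windows whose entropy is close to 8 bits/byte: symmetric
    keys and ciphertext look like this, but so does compressed data, so a hit
    is a lead to confirm (e.g. by trial decryption), not a finding in itself."""
    return [off for off in range(0, len(image) - window + 1, window)
            if shannon_entropy(image[off:off + window]) >= threshold]


def analyse(image: bytes) -> dict:
    """Step 2: analysis. Carve strings, run each artefact pattern over them and
    record the absolute image offset of every match, then add the entropy scan."""
    hits = {name: [] for name in ARTEFACT_PATTERNS}
    for offset, width, text in carve_strings(image):
        for name, pattern in ARTEFACT_PATTERNS.items():
            for m in pattern.finditer(text):
                hits[name].append({"offset": offset + width * m.start(), "text": m.group()})
    hits["key_candidates"] = find_key_candidates(image)
    return hits


def recover(image: bytes) -> list:
    """Step 3: recovery. Export the findings as report lines, each tied to an
    offset in the image whose hash was recorded at acquisition."""
    hits = analyse(image)
    rows = [(h["offset"], kind, h["text"]) for kind in ARTEFACT_PATTERNS for h in hits[kind]]
    rows += [(off, "key-candidate", "high-entropy window") for off in hits["key_candidates"]]
    header = f"image sha256={acquire(image)['sha256']} size={len(image)}"
    return [header] + [f"{off:#010x} {kind:<14} {text}" for off, kind, text in sorted(rows)]


if __name__ == "__main__":
    for line in recover(SAMPLE_IMAGE):
        print(line)
```

The carving pass is triage-level: the tools the paper compares reconstruct the process list from kernel structures rather than from `.exe` strings, and a real image is gigabytes rather than a few hundred bytes. The entropy scan shows why a hit is only a lead: it fires on the uniform byte block here exactly as it would on a real key, and it would fire on compressed data too. Credentials and keys are recoverable only while the owning process still holds them, which is the practical reason the abstract stresses the short lifetime of volatile memory.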




Published
2018-02-28
How to Cite
Parekh, M., & Jani, S. (2018). MEMORY FORENSIC: ACQUISITION AND ANALYSIS OF MEMORY AND ITS TOOLS COMPARISON. International Journal of Engineering Technologies and Management Research, 5(2), 90-95. https://doi.org/10.29121/ijetmr.v5.i2.2018.618