MEMORY FORENSIC: ACQUISITION AND ANALYSIS OF MEMORY AND ITS TOOLS COMPARISON
The enhancement of technology has led to a considerable amount of growth in number of cases pertaining to cyber-crime and has raised an enormous challenge to tackle it effectively. There are various cyber forensic techniques and tools used to recover data from the devices to tackle cyber-crime. Present research paper focuses on performing memory forensic and analyzes the memory which contains many pieces of information relevant to forensic investigation, such as username, password, cryptographic keys, deleted files, deleted logs, running processes; that can be helpful to investigate the cyber-crime pining down the accused. The three main steps followed in memory forensic are acquiring, analyzing and recovering. Recovery of the evidences of crime from the volatile memory can be possible with the knowledge of different tools and techniques used in memory forensic. However, it is always tough to analyze volatile memory as it stays for a very short period. Not all tools can be used for memory forensic in every situation and therefore, it is important to have the knowledge of tools before applying to solve a particular cyber-crime. It is yet to establish on using a single tool for complete investigation, however, most of the tools used are successful in providing reasonable evidences. The present research paper provides an insight on analyzing the memory that stores relevant data, collection of evidences from the device(s), extraction of essential data using different memory forensic tools, tools useful for various purposes and the best suited tool for a particular situation.
Reith M, Carr C, Gunsch G. (2002). An examination of Digital Forensics Models. International Journal of Digital Evidence.1, 3, p1–12.
Pooja Salave, Atisha Wakdikar (2017). Memory Forensics: Tools Comparison. International Journal of Science and Research (IJSR). 6, 6, p5-8.
Timothy Vidas (2007). The Acquisition and Analysis of Random Access Memory. Journal of Digital Forensic Practice. 1, 4, p315-p323. DOI: https://doi.org/10.1080/15567280701418171
Richard Nolan, Colin O’Sullivan, Jake Branson, Cal Waits (2005). First Responders Guide to Computer Forensics, Carnegie Mellon University. DOI: https://doi.org/10.21236/ADA443483
Dr. Hardik Gohel, Dr. Himanshu Upadhyay (2017). Design of Advanced Cyber Threat Analysis Framework for Memory Forensics. International Journal of Innovative Research in Computer and Communication Engineering. 5, 2, p132-137.
Berning, T., Dreseler, M., Faust, M., Plattner, H., & Schwalb, D. (2015). nvm malloc: Memory Allocation for NVRAM. ADMS@VLDB.
Mahesh Kolhe et al, (2017). Live Vs Dead Computer Forensic Image Acquisition. International Journal of Computer Science and Information Technologies, 8, 3, p 455-457.
Divyang Rahevar. (2013) Study on Live analysis of Windows Physical Memory. Journal of Computer Engineering (IOSR-JCE). 15, 4, p76-80.
Rui YANG, Jiang-chun REN*, Shuai BAI and Tian TANG. (2017). A Digital Forensic Framework for Cloud Based on VMI, 2nd International Conference on Computer Science and Technology (CST 2017) ISBN: 978-1-60595-461-5.
Neelam Maurya, Jyoti Awasti, Ragvendra Pratap Singh, Dr. Abhishek Vaish. (2015). Analysis of Open Source and Proprietary Source Digital Forensic Tools. International Journal of Advanced Engineering and Global Technology.3, 7, p 916 – 922.
User Guide MANDIANT Memoryze™ Version 3.0.0
Belkasoft Evidence Center 2018. https://belkasoft.com/ec.
Copyright (c) 2018 Mital Parekh, Snehal Jani
This work is licensed under a Creative Commons Attribution 4.0 International License.
License and Copyright Agreement
In submitting the manuscript to the journal, the authors certify that:
- They are authorized by their co-authors to enter into these arrangements.
- The work described has not been formally published before, except in the form of an abstract or as part of a published lecture, review, thesis, or overlay journal.
- That it is not under consideration for publication elsewhere.
- That its release has been approved by all the author(s) and by the responsible authorities – tacitly or explicitly – of the institutes where the work has been carried out.
- They secure the right to reproduce any material that has already been published or copyrighted elsewhere.
- They agree to the following license and copyright agreement.
Authors who publish with International Journal of Engineering Technologies and Management Research agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC BY-SA 4.0) that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors can enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or edit it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) before and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
For More info, please visit CopyRight Section