IDENTIFYING VOLATILE DATA FROM MULTIPLE MEMORY DUMPS IN LIVE FORENSICS

Cited by: 0
Authors
Law, Frank [1 ]
Chan, Patrick [1 ]
Yiu, Siu-Ming [1 ]
Tang, Benjamin [1 ]
Lai, Pierre [1 ]
Chow, Kam-Pui [1 ]
Ieong, Ricci [1 ]
Kwan, Michael [1 ]
Hon, Wing-Kai [2 ]
Hui, Lucas [1 ]
Affiliations
[1] Univ Hong Kong, Hong Kong, Hong Kong, Peoples R China
[2] Natl Tsing Hua Univ, Hsinchu, Taiwan
Source
Keywords
Live forensics; volatile data; memory analysis
DOI
Not available
CLC number
TP [Automation technology, computer technology]
Subject classification code
0812
Abstract
One of the core components of live forensics is to collect and analyze volatile memory data. Since the dynamic analysis of memory is not possible, most live forensic approaches focus on analyzing a single snapshot of a memory dump. Analyzing a single memory dump raises questions about evidence reliability; consequently, a natural extension is to study data from multiple memory dumps. Also important is the need to differentiate static data from dynamic data in the memory dumps; this enables investigators to link evidence based on memory structures and to determine if the evidence is found in a consistent area or a dynamic memory buffer, providing greater confidence in the reliability of the evidence. This paper proposes an indexing data structure for analyzing pages from multiple memory dumps in order to identify static and dynamic pages.
Pages: 185 / +
Page count: 3
Related papers
50 in total
  • [22] Ratcliffe, Chandlor; Bokolo, Biodoumoye George; Oladimeji, Damilola; Zhou, Bing. Detection of Anti-forensics and Malware Applications in Volatile Memory Acquisition. ADVANCES AND TRENDS IN ARTIFICIAL INTELLIGENCE: THEORY AND PRACTICES IN ARTIFICIAL INTELLIGENCE, 2022, 13343 : 516 - 527
  • [23] Liu, Anyi; Fu, Huirong. Fast Tamper Detection for Hierarchical Data in Live Cloud Forensics. 2018 IEEE INTERNATIONAL CONFERENCE ON ELECTRO/INFORMATION TECHNOLOGY (EIT), 2018, : 589 - 594
  • [24] Varshney, Gaurav; Iyer, Padmavathi; Atrey, Pradeep; Misra, Manoj. Evading DoH via Live Memory Forensics for Phishing Detection and Content Filtering. 2021 INTERNATIONAL CONFERENCE ON COMMUNICATION SYSTEMS & NETWORKS (COMSNETS), 2021
  • [25] Qi, Zhengwei; Xiang, Chengcheng; Ma, Ruhui; Li, Jian; Guan, Haibing; Wei, David S. L. ForenVisor: A Tool for Acquiring and Preserving Reliable Data in Cloud Live Forensics. IEEE TRANSACTIONS ON CLOUD COMPUTING, 2017, 5 (03) : 443 - 456
  • [26] Sharma, Rohit; Singh, Upasna. Framework for Live Forensics of a System by Extraction of Clipboard Data and Other Forensic Artefacts from RAM Image. SECURITY IN COMPUTING AND COMMUNICATIONS (SSCC 2015), 2015, 536 : 473 - 482
  • [27] Lian-Hai Wang; Qiu-Liang Xu. Primary Exploration of Reliability Evaluation of Computer Live Forensics Model on Physical Memory Analysis. Journal of Harbin Institute of Technology (New series), 2014, (04) : 121 - 128
  • [28] Cheng, Yingxin; Fu, Xiao; Luo, Bin; Yang, Rui; Ruan, Hao. Investigating the hooking behavior: A page-level memory monitoring method for live forensics. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2014, 8783 : 255 - 272
  • [29] Periyadi; Mutiara, Giva Andriana; Wijaya, Roni. Digital Forensics Random Access Memory Using Live Technique Based On Network Attacked. 2017 5TH INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGY (ICOIC7), 2017
  • [30] Fernandez-Alvarez, Pedro; Rodriguez, Ricardo J. Module extraction and DLL hijacking detection via single or multiple memory dumps. FORENSIC SCIENCE INTERNATIONAL-DIGITAL INVESTIGATION, 2023, 44