IDENTIFYING VOLATILE DATA FROM MULTIPLE MEMORY DUMPS IN LIVE FORENSICS

Cited by: 0
Authors
Law, Frank [1]
Chan, Patrick [1]
Yiu, Siu-Ming [1]
Tang, Benjamin [1]
Lai, Pierre [1]
Chow, Kam-Pui [1]
Ieong, Ricci [1]
Kwan, Michael [1]
Hon, Wing-Kai [2]
Hui, Lucas [1]
Affiliations
[1] Univ Hong Kong, Hong Kong, Hong Kong, Peoples R China
[2] Natl Tsing Hua Univ, Hsinchu, Taiwan
Source
Keywords
Live forensics; volatile data; memory analysis
DOI
Not available
CLC classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
One of the core components of live forensics is to collect and analyze volatile memory data. Since the dynamic analysis of memory is not possible, most live forensic approaches focus on analyzing a single snapshot of a memory dump. Analyzing a single memory dump raises questions about evidence reliability; consequently, a natural extension is to study data from multiple memory dumps. Also important is the need to differentiate static data from dynamic data in the memory dumps; this enables investigators to link evidence based on memory structures and to determine if the evidence is found in a consistent area or a dynamic memory buffer, providing greater confidence in the reliability of the evidence. This paper proposes an indexing data structure for analyzing pages from multiple memory dumps in order to identify static and dynamic pages.
Pages: 185 / +
Page count: 3