IDENTIFYING VOLATILE DATA FROM MULTIPLE MEMORY DUMPS IN LIVE FORENSICS

Cited by: 0
Authors
Law, Frank [1 ]
Chan, Patrick [1 ]
Yiu, Siu-Ming [1 ]
Tang, Benjamin [1 ]
Lai, Pierre [1 ]
Chow, Kam-Pui [1 ]
Ieong, Ricci [1 ]
Kwan, Michael [1 ]
Hon, Wing-Kai [2 ]
Hui, Lucas [1 ]
Affiliations
[1] Univ Hong Kong, Hong Kong, Hong Kong, Peoples R China
[2] Natl Tsing Hua Univ, Hsinchu, Taiwan
Source
Keywords
Live forensics; volatile data; memory analysis;
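DOI
Not available
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract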
One of the core components of live forensics is to collect and analyze volatile memory data. Since the dynamic analysis of memory is not possible, most live forensic approaches focus on analyzing a single snapshot of a memory dump. Analyzing a single memory dump raises questions about evidence reliability; consequently, a natural extension is to study data from multiple memory dumps. Also important is the need to differentiate static data from dynamic data in the memory dumps; this enables investigators to link evidence based on memory structures and to determine if the evidence is found in a consistent area or a dynamic memory buffer, providing greater confidence in the reliability of the evidence. This paper proposes an indexing data structure for analyzing pages from multiple memory dumps in order to identify static and dynamic pages.
Pages: 185 / +
Page count: 3