2019
DOI: 10.1016/j.diin.2019.01.001

A universal taxonomy and survey of forensic memory acquisition techniques

Cited by 25 publications (14 citation statements)
References 10 publications
“…Hence, the acquired memory image is also unreliable. Latzo et al confirmed that the lower the execution layer of the acquisition method, the higher the accuracy of the acquired memory image [26]. Therefore, we propose a memory layout acquisition method that can cope with the existing API hooking and one-byte modification attacks.…”
Section: Consideration (mentioning)
confidence: 95%
“…Usually, such data are not stored in the permanent storage of the system and are completely lost when the system is turned off or unplugged from the power. In the literature, we can find surveys devoted to the analysis of the memory acquisition techniques [62], [63] (i.e., both hardware and software-based), the subsequent memory analysis [64], and the available tools [63]. The main challenges of memory forensics derive from the fact that memory is volatile, so it has to be acquired when the system is running and thus probably modified by the running applications.…”
Section: E Filesystems Memory and Data Storage Forensics (mentioning)
confidence: 99%
“…Another issue that can occur during the memory acquisition is the incorporation of pages, which are not present in the memory due to page swapping or demand paging [64]. Finally, although the memory acquisition techniques should be OS and hardware agnostic [62], each OS architecture handles the memory differently and is equipped with distinctive tampering protection mechanisms that hinder access to memory.…”
Section: E Filesystems Memory and Data Storage Forensics (mentioning)
confidence: 99%
“…This is used to start-up and speed-up a window machine program. In [111], Latzo et al surveyed the memory forensics domain and presented a forensics memory acquisition taxonomy that is independent of the Operating System (OS) and the Hardware Architecture (HA), and can also be deployed pre/post-incident.…”
Section: Memory Forensics Approaches (mentioning)
confidence: 99%