Digital forensics random access memory using live technique based on network attacked

Periyadi,; Mutiara, Giva Andriana; Wijaya, Roni

doi:10.1109/icoict.2017.8074695

Cited by 3 publications

(1 citation statement)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most systems have their drives encrypted and protected with keys, these encryption keys and other cryptographic materials are being stored in the RAM after the drive has been decrypted and mounted on the first instance [5]. Encryption has well been embraced by computer users; both the good and bad guys.…”

Section: Introductionmentioning

confidence: 99%

Cold Boot Attack on Encrypted Containers for Forensic Investigations

2022

KSII TIIS

View full text Add to dashboard Cite

Digital Forensics is gaining popularity in adjudication of criminal cases as use of electronic gadgets in committing crime has risen. Traditional approach to collecting digital evidence falls short when the disk is encrypted. Encryption keys are often stored in RAM when computer is running. An approach to acquire forensic data from RAM when the computer is shut down is proposed. The approach requires that the investigator immediately cools the RAM and transplant it into a host computer provisioned with a tool developed based on cold boot concept to acquire the RAM image. Observation of data obtained from the acquired image compared to the data loaded into memory shows the RAM chips exhibit some level of remanence which allows their content to persist after shutdown which is contrary to accepted knowledge that RAM loses its content immediately there is power cut. Results from experimental setups conducted with three different RAM chips labeled System A, B and C showed at a reduced temperature of -25C, the content suffered decay of 2.125% in 240 seconds, 0.975% in 120 seconds and 1.225% in 300 seconds respectively. Whereas at operating temperature of 25°C, there was decay of 82.33% in 60 seconds, 80.31% in 60 seconds and 95.27% in 120 seconds respectively. The content of RAM suffered significant decay within two minutes without power supply at operating temperature while at a reduced temperature less than 5% decay was observed. The findings show data can be recovered for forensic evidence even if the culprit shuts down the computer.

show abstract

Section: Introductionmentioning

confidence: 99%

Cold Boot Attack on Encrypted Containers for Forensic Investigations

2022

KSII TIIS

View full text Add to dashboard Cite

show abstract

Data Acquisition from Cloud Network Storage

Lutui

Cusack

2021

2021 31st International Telecommunication Networks and Applications Conference (ITNAC)

View full text Add to dashboard Cite

Enterprise Malware Detection using Digital Forensic Artifacts and Machine Learning

Drolet,

Roberge

2024

Wseas Transactions on Computer Research

View full text Add to dashboard Cite

Malware detection is a complex task. Numerous log aggregation solutions and intrusion detection systems can help find anomalies within a host or a network and detect intrusions, but they require precise calibration, skilled analysts, and cutting-edge technology. In addition, processing host-based data is challenging, as every log, event, and configuration can be analyzed. In order to obtain trusted information about a host state, the analysis of a computer’s memory can be performed, but obtaining the data from acquisition and performing the analysis can be challenging. To address this limitation, this paper proposes to collect artifacts within a network environment. This approach involves remotely gathering memory-based and disk-based artifacts from a simulated enterprise network using Velociraptor. The data was then processed using three machine learning algorithms to detect the malware samples against regular user activity generated with a user simulation tool for added realism. With this method, Random Forest and Support Vector Machine achieved a perfect classification of 41 malware samples.

show abstract

Digital forensics random access memory using live technique based on network attacked

Cited by 3 publications

References 2 publications

Cold Boot Attack on Encrypted Containers for Forensic Investigations

Cold Boot Attack on Encrypted Containers for Forensic Investigations

Data Acquisition from Cloud Network Storage

Enterprise Malware Detection using Digital Forensic Artifacts and Machine Learning

Contact Info

Product

Resources

About