In‐Depth Analysis of Computer Memory Acquisition Software for Forensic Purposes

McDown, Robert J.; Varol, Cihan; Carvajal, Leonardo; Chen, Lei

doi:10.1111/1556-4029.12979

Cited by 14 publications

(11 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, it also shows that sometimes the forensic investigation, the data contained in RAM can contain sufficient evidence to settle the whole case. Mcdown, et al in [7] Acquisition software selection greatly affects the quality of the data when copying. The results of research analyzing the memory depth at seven acquisition software that runs on Windows 7 that FTK Imager, Belkasoft RAM Capturer, ProDiscover, Windows Memory Reader, WinEn, DumpIt and Memoryze.…”

Section: Related Workmentioning

confidence: 99%

“…The success of the investigation depends on the quality of data collected. The quality of the copied data contains completeness of information such as information access, time and users, data quality is also affected by artefacts (Registry Key, DLL) left by the use of software acquisition [7]. Processing time, DLL, Registry Key and Memory Usage will impact to potential evidence.…”

Section: Introductionmentioning

confidence: 99%

“…Figure 1 shows 41 respondents in the USA about using acquisition software for digital forensics. FTK Imager ranked first with 23%, then Memoryze ranked second with 21% and ProDiscover with 16%, Belkasoft with 10%, while DumpIt and Windows Memory Reader only 7% of the total 41 respondents [7].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Comparison of Acquisition Software for Digital Forensics Purposes

Faiz¹,

Prabowo²

2018

KINETIK

View full text Add to dashboard Cite

Digital Forensics, a term that is increasingly popular with internet needs and increasing cybercrime activity. Cybercrime is a criminal activity with digital media as a tool for committing crimes. The process for uncovering cybercrime is called digital forensics. The initial stage in digital forensics is an acquisition. The acquisition phase is very important because it will affect the level of difficulty and ease in investigating cybercrime. Software acquisition will affect the abandoned artefacts and even overwrite important evidence by the software, therefore investigators must use the best software for the acquisition stage. This study shows the difference in software for the acquisition of the best Random Access Memory (RAM) such as processing time, memory usage, registry key, DLL. This research presents five acquisition software such as FTK Imager, Belkasoft RAM Capturer, Memoryze, DumpIt, Magnet RAM Capturer. Results of this study showed that FTK Imager left about 10 times more artefacts than DumpIt and Memoryze. Magnet RAM Capture the most artefacts, 4 times more than Belkasot RAM Capturer. Software acquisition with many artefacts, namely Capture RAM Magnet and FTK Imager, while for the fastest time is DumpIt and Capture RAM Magnet for software that takes a long time.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Comparison of Acquisition Software for Digital Forensics Purposes

Faiz¹,

Prabowo²

2018

KINETIK

View full text Add to dashboard Cite

show abstract

“…Since then, researchers are benefiting from the vital information that can be available in RAM [2]. Some researchers are focused on the memory acquisition techniques [27] while others are focused on the emerging platforms and computing domains. For example, researchers in [28] proposed a hardware virtualization to facilitate a lightweight live memory forensic approach, in which they proposed on the fly virtualization environment that allows the migration of virtual machines without modification or termination.…”

Section: Related Workmentioning

confidence: 99%

Carving and Clustering Files in Ram for Memory Forensics

Al-Sharif¹,

Al-Khalee²,

Al-Saleh³

et al. 2018

FJEC

View full text Add to dashboard Cite

Memory contains vital information about the current state of a system such as processes, network connections and opened files. The contents of a file can be reconstructed from memory either by following the Operating System's data structures (which might not be always available) or by carving data based on the file's internal structure. Unfortunately, the problem gets more complicated when carving several files with the same internal structure that happen to coexist in memory. This paper carves chunks of a certain file type from memory and employs clustering techniques to distribute these chunks into their corresponding files. As a running example, we carve and cluster different PDF files. The paper employs the wording similarities among related portions and shows that the Hierarchical clustering algorithm facilitates grouping of the recovered text pieces within an adequate accuracy.

show abstract

“…Following refinement and rigorous testing, many methods/technologies have been adopted by forensic laboratories, including polymerase chain reaction (PCR) [1,2], capillary electrophoretic instrumentation (Genetic Analyzers) [3,4], automated liquid handling (Microfluidic devices) [5][6][7], and expert software systems [8][9][10][11]. Introduction of robust validation processes has a long term impact to test evidentiary samples to be presented to the court of law.…”

Section: Introductionmentioning

confidence: 99%

The Future of Forensic Biology

Rana¹

2018

J. Biomed

View full text Add to dashboard Cite

The recent technological and scientific development in the field of forensic biology is certainly stamping a huge impact in capturing and convicting the criminals without any doubt. This review enlists forthcoming emerging technologies in forensic biology which would become inevitable and routine tasks in laboratories for solving extremely challenging and critical cases. These include touch DNA profiling, forensic phenotyping, 3D facial reconstruction and morphometrics, microbial forensics, virtual autopsy, DNA methylation and next-generation sequencing methods which would prove boon sooner or later for the crime investigators in finding missing persons, nabbing murderers and sexual assaulters and solving an array of cold cases.

show abstract

In‐Depth Analysis of Computer Memory Acquisition Software for Forensic Purposes

Cited by 14 publications

References 10 publications

Comparison of Acquisition Software for Digital Forensics Purposes

Comparison of Acquisition Software for Digital Forensics Purposes

Carving and Clustering Files in Ram for Memory Forensics

The Future of Forensic Biology

Contact Info

Product

Resources

About