Abstract: In this paper we discuss how operating system design and implementation influences the methodology for computer forensics investigations, with the focus on forensic acquisition of memory. In theory the operating system could support such investigations both in terms of tools for analysis of data and by making the system data readily accessible for analysis. Conventional operating systems such as Windows and UNIX derivatives offer some memory-related tools that are geared towards the analysis of system crashes, …
“…Substantial research has focused on tools that can acquire memory images without altering memory content [7,10,11,15]. However, the dynamic nature of memory means that obtaining a complete and consistent perspective of memory is impossible without taking multiple memory snapshots.…”
International audienceOne of the core components of live forensics is to collect and analyze volatile memory data. Since the dynamic analysis of memory is not possible, most live forensic approaches focus on analyzing a single snapshot of a memory dump. Analyzing a single memory dump raises questions about evidence reliability; consequently, a natural extension is to study data from multiple memory dumps. Also important is the need to differentiate static data from dynamic data in the memory dumps; this enables investigators to link evidence based on memory structures and to determine if the evidence is found in a consistent area or a dynamic memory buffer, providing greater confidence in the reliability of the evidence. This paper proposes an indexing data structure for analyzing pages from multiple memory dumps in order to identify static and dynamic pages
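As an added illustration of the static/dynamic page indexing idea in the abstract above (example code written here, not the paper's own implementation): every page of every snapshot is hashed, the digests are indexed by page number, and a page is labelled static only if its digest is identical in all snapshots; an artifact can then be traced back to the page that holds it and to that page's label. The 4 KiB page size, the use of SHA-256 and the three sample snapshots are assumptions constructed for the example.

```python
import hashlib
from collections import defaultdict

PAGE_SIZE = 4096  # assumed page granularity (x86 4 KiB pages)

def page_hashes(dump: bytes, page_size: int = PAGE_SIZE):
    """Yield (page_number, digest) for every page of one memory dump."""
    for off in range(0, len(dump), page_size):
        yield off // page_size, hashlib.sha256(dump[off:off + page_size]).digest()

def build_page_index(dumps):
    """Index page number -> list of per-dump digests, in snapshot order."""
    index = defaultdict(list)
    for dump in dumps:
        for page_no, digest in page_hashes(dump):
            index[page_no].append(digest)
    return index

def classify_pages(index, dump_count):
    """Label each page: static (identical in every snapshot), dynamic (content
    changed between snapshots) or partial (missing from at least one snapshot)."""
    labels = {}
    for page_no, digests in index.items():
        if len(digests) < dump_count:
            labels[page_no] = "partial"
        elif len(set(digests)) == 1:
            labels[page_no] = "static"
        else:
            labels[page_no] = "dynamic"
    return labels

def locate_evidence(dump: bytes, needle: bytes, labels, page_size=PAGE_SIZE):
    """Find an artifact in one snapshot and report which page holds it and
    whether that page was static or dynamic across the snapshot set."""
    off = dump.find(needle)
    if off < 0:
        return None
    page_no = off // page_size
    return page_no, labels.get(page_no, "unknown")

def make_dump(tick: int) -> bytes:
    """Constructed sample snapshot: four pages, only page 2 changes per tick."""
    page0 = b"\x00" * PAGE_SIZE                                   # zero page
    page1 = b"KERNEL-TEXT".ljust(PAGE_SIZE, b"\x90")              # code, stable
    page2 = f"tick={tick}".encode().ljust(PAGE_SIZE, b"\x00")    # live buffer
    page3 = b"user-heap-object".ljust(PAGE_SIZE, b"\xcc")         # stable heap
    return page0 + page1 + page2 + page3

SAMPLE_DUMPS = [make_dump(i) for i in range(3)]  # three constructed snapshots
```

A page labelled "partial" is one that some snapshot did not cover (for instance a shorter capture), so no static/dynamic conclusion is drawn for it.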
“…Forensic processes on live and volatile sources of digital evidence, evidentiary disturbance caused by memory acquisition and live forensic analysis, and evidentiary integrity processes and standards (see, e.g., [23,24,28,35,62,63,68,73]). …”
Section: Other Important Research Topics
Digital forensics is a relatively new scientific discipline, but one that has matured greatly over the past decade. In any field of human endeavor, it is important to periodically pause and review the state of the discipline. This paper examines where the discipline of digital forensics is at this It is a compilation of the author's opinion and the viewpoints of twenty-one other practitioners and researchers, many of whom are leaders in the field. In synthesizing these professional opinions, several consensus views emerge that provide valuable insights into the "state of the discipline."
“…More specifically, it is the acquisition and analysis of physical memory [3,4,5,6,7]. Memory forensics is more challenging than disk-based forensics for several reasons: it is volatile in nature and therefore difficult to collect.…”
Section: Introduction
“…It is also difficult to analyse, as memory does not use a set structure. Acquisition and analysis of the data represent separate distinct research areas and are the focus of much research within the discipline [4]. Although the concept of memory forensics has existed for some time, the catalyst for the current explosion in interest started as a result of the 2005 Digital Forensic Research Workshop (DFRWS) [5,6].…”
Section: Introduction
“…Traditional forensic computing techniques are nonvolatile storage-centric and do not collect and analyse data from volatile storage [4,6,8]. When a system is seized in a live state, a common course of action may be to power off the system by the pull-the-plug method; consequently, all of the volatile memory is lost.…”
The use of memory forensic techniques has the potential to enhance computer forensic investigations. The analysis of digital evidence is facing several key challenges: an increase in electronic devices, network connections and bandwidth, the use of anti-forensic technologies and the development of network centric applications and technologies has led to less potential evidence stored on static media and increased amounts of data stored off-system. Memory forensic techniques have the potential to overcome these issues in forensic analysis. While much of the current research in memory forensics has been focused on low-level data, there is a need for research to extract high-level data from physical memory as a means of providing forensic investigators with greater insight into a target system. This paper outlines the need for further research into memory forensic techniques. In particular, it stresses the need for methods and techniques for understanding context on a system and also as a means of augmenting other data sources to provide a more complete and efficient searching of investigations.