论文信息 - Techniques and Tools for Recovering and Analyzing Data from Volatile Memory

Techniques and Tools for Recovering and Analyzing Data from Volatile Memory

There are many relatively new tools available that have been developed in order to recover and dissect the information that can be gleaned from volatile memory, but because this is a relatively new and fast-growing field many forensic analysts do not know or take advantage of these assets. Volatile memory may contain many pieces of information relevant to a forensic investigation, such as passwords, cryptographic keys, and other data. Having the knowledge and tools needed to recover that data is essential, and this capability is becoming increasingly more relevant as hard drive encryption and other security mechanisms make traditional hard disk forensics more challenging. This paper will cover the theory behind volatile memory analysis, including why it is important, what kinds of data can be recovered,

Carlos Cid | Kristine Amari | Carlos Cid | Kristine Amari

[1] Stefan Savage,et al. Inside the Slammer Worm , 2003, IEEE Secur. Priv..

[2] Joe Grand,et al. A hardware-based memory acquisition procedure for digital investigations , 2004, Digit. Investig..

[3] Tal Garfinkel,et al. Data lifetime is a systems problem , 2004, EW 11.

[4] Eldad Eilam,et al. Reversing: Secrets of Reverse Engineering , 2005 .

[5] Andreas Schuster,et al. Searching for processes and threads in Microsoft Windows memory dumps , 2006, Digit. Investig..

[6] William A. Arbaugh,et al. FATKit: A framework for the extraction and analysis of digital forensic data from volatile system memory , 2006, Digit. Investig..

[7] W. Alink,et al. Forensic memory analysis: Files mapped in memory , 2008, Digit. Investig..