Signature based volatile memory forensics: a detection based approach for analyzing sophisticated cyber attacks
Saved in:

| Field | Value |
|---|---|
| Published in: | International journal of information technology (Singapore. Online) 2019-09, Vol.11 (3), p.583-589 |
| Main authors: | |
| Format: | Article |
| Language: | eng |
| Subjects: | |
| Online access: | Full text |
| Abstract: | Volatile memory forensics is a live forensic approach to collecting real-time, activity-based artifacts that may not be obtainable through post-mortem forensics. Volatile memory forensics techniques inspect RAM to extract information such as passwords, encryption keys, network activity, open files and the set of processes and threads currently running within an operating system. A volatile memory dump is used for offline investigation of live data. In this research, signature-based artifact identification is done using keywords and default hex values. Various challenging scenarios are discussed, and evidence signatures are identified using regular expressions. Besides these scenarios, recent ransomware attacks can also be solved using volatile memory forensic analysis. |
| ISSN: | 2511-2104 2511-2112 |
| DOI: | 10.1007/s41870-018-0263-4 |