SlideShare a Scribd company logo

Introduction to memory forensics

Download as ODP, PDF
Marco Alamanni
Marco Alamanni

This is a draft presentation of a video lesson taken from the course "Digital forensics with Kali Linux" published by Packt Publishing in May 2017: https://www.packtpub.com/networking-and-servers/digital-forensics-kali-linux This presentation introduces memory forensics and recalls the most important concepts of virtual memory and paging.

Software
1 of 10
Digital forensics with Kali Linux Marco Alamanni Section 6 Memory forensics www.packtpub.com
In this Section, we are going to take a look at… • Introduction to virtual memory. • Acquiring a RAM image. • Analyzing a memory image with the Volatility framework.
Course Name Author Name Video 6.1 Introduction to memory forensics
In this Video, we are going to take a look at… ● Virtual memory management and paging. • Introduction to memory forensics.
Introduction to memory forensics ● Memory forensics is the process of acquiring and analyzing the main memory of a system. ● Very important in the live response process, investigating an intrusion or a malware infection. Allows to collect and examine volatile artifacts that in some cases exist only in memory.
Introduction to virtual memory ● Virtual memory overcomes the limits of physical memory and maps logical to physical memory addresses. ● Virtual memory is divided into chunks called pages. ● The page table mantains the mapping between pages and the relative physical page frames.
Introduction to virtual memory ● Pages are swapped to disk when physical memory lacks according to a page replacement algorithm. ● A page fault is generated when a process refers a logical address of a swapped page. ● The memory manager reads the page from disk and loads it to memory.
Introduction to virtual memory ● Windows page file is %SYSTEMDRIVE%pagefile.sys while Unix and Linux use the swap partition. ● The hibernation file stores the contents of RAM before the OS goes to hibernation state. ● On Windows is located at %SYSTEMDRIVEhiberfil.sys while Linux generally uses the swap partition.
Next Video Memory acquisition
Next Video Memory acquisition

Recommended

Windows Forensics
Windows ForensicsWindows Forensics
Windows ForensicsPrince Boonlia
 
Live Forensics
Live ForensicsLive Forensics
Live ForensicsCTIN
 
Windows 8.x Forensics 1.0
Windows 8.x Forensics 1.0Windows 8.x Forensics 1.0
Windows 8.x Forensics 1.0Brent Muir
 
Vista Forensics
Vista ForensicsVista Forensics
Vista ForensicsCTIN
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows SystemConferencias FIST
 
Open Source Forensics
Open Source ForensicsOpen Source Forensics
Open Source ForensicsCTIN
 
Windows logging cheat sheet
Windows logging cheat sheetWindows logging cheat sheet
Windows logging cheat sheetMichael Gough
 
Mac Forensics
Mac ForensicsMac Forensics
Mac ForensicsCTIN
 

Recommended

Windows Forensics
Windows ForensicsWindows Forensics
Windows ForensicsPrince Boonlia
 
Live Forensics
Live ForensicsLive Forensics
Live ForensicsCTIN
 
Windows 8.x Forensics 1.0
Windows 8.x Forensics 1.0Windows 8.x Forensics 1.0
Windows 8.x Forensics 1.0Brent Muir
 
Vista Forensics
Vista ForensicsVista Forensics
Vista ForensicsCTIN
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows SystemConferencias FIST
 
Open Source Forensics
Open Source ForensicsOpen Source Forensics
Open Source ForensicsCTIN
 
Windows logging cheat sheet
Windows logging cheat sheetWindows logging cheat sheet
Windows logging cheat sheetMichael Gough
 
Mac Forensics
Mac ForensicsMac Forensics
Mac ForensicsCTIN
 
2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - publicSandro Suffert
 
Mounting virtual hard drives
Mounting virtual hard drivesMounting virtual hard drives
Mounting virtual hard drivesCTIN
 
Netcat cheat sheet
Netcat cheat sheetNetcat cheat sheet
Netcat cheat sheetYoussoufou YABRE
 
Unit B Windows 7
Unit B Windows 7Unit B Windows 7
Unit B Windows 7Chaffey College
 
File carving tools
File carving toolsFile carving tools
File carving toolsMarco Alamanni
 
File system
File systemFile system
File systemHarleen Johal
 
Translating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityTranslating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityCTIN
 
Social Media Forensics for Investigators
Social Media Forensics for InvestigatorsSocial Media Forensics for Investigators
Social Media Forensics for InvestigatorsCase IQ
 
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...Mark Matienzo
 
Sleuth kit by echavarro - HABEMUSHACKING
Sleuth kit by echavarro - HABEMUSHACKINGSleuth kit by echavarro - HABEMUSHACKING
Sleuth kit by echavarro - HABEMUSHACKINGEduardo Chavarro
 
Anti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and preventionAnti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and preventionSeccuris Inc.
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaCTIN
 
Raidprep
RaidprepRaidprep
RaidprepCTIN
 
NTFS Forensics
NTFS Forensics NTFS Forensics
NTFS Forensics nullowaspmumbai
 
NTFS file system
NTFS file systemNTFS file system
NTFS file systemRavi Yasas
 
Using and Developing with Open Source Digital Forensics Software in Digital A...
Using and Developing with Open Source Digital Forensics Software in Digital A...Using and Developing with Open Source Digital Forensics Software in Digital A...
Using and Developing with Open Source Digital Forensics Software in Digital A...Mark Matienzo
 
Windows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsWindows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsMike Spaulding
 
WinFE: The (Almost) Perfect Triage Tool
WinFE: The (Almost) Perfect Triage ToolWinFE: The (Almost) Perfect Triage Tool
WinFE: The (Almost) Perfect Triage ToolBrent Muir
 
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian CarrierOSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian CarrierBasis Technology
 
Cache memory and virtual memory
Cache memory and virtual memoryCache memory and virtual memory
Cache memory and virtual memoryPrakharBansal29
 
Virtual Memory
Virtual MemoryVirtual Memory
Virtual MemoryFarzan Dehbashi
 
Vmreport
VmreportVmreport
Vmreportmeru2ks
 

More Related Content

Viewers also liked

2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - publicSandro Suffert
 
Mounting virtual hard drives
Mounting virtual hard drivesMounting virtual hard drives
Mounting virtual hard drivesCTIN
 
Translating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityTranslating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityCTIN
 
Social Media Forensics for Investigators
Social Media Forensics for InvestigatorsSocial Media Forensics for Investigators
Social Media Forensics for InvestigatorsCase IQ
 
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...Mark Matienzo
 
Sleuth kit by echavarro - HABEMUSHACKING
Sleuth kit by echavarro - HABEMUSHACKINGSleuth kit by echavarro - HABEMUSHACKING
Sleuth kit by echavarro - HABEMUSHACKINGEduardo Chavarro
 
Anti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and preventionAnti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and preventionSeccuris Inc.
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaCTIN
 
Raidprep
RaidprepRaidprep
RaidprepCTIN
 
NTFS file system
NTFS file systemNTFS file system
NTFS file systemRavi Yasas
 
Using and Developing with Open Source Digital Forensics Software in Digital A...
Using and Developing with Open Source Digital Forensics Software in Digital A...Using and Developing with Open Source Digital Forensics Software in Digital A...
Using and Developing with Open Source Digital Forensics Software in Digital A...Mark Matienzo
 
Windows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsWindows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsMike Spaulding
 
WinFE: The (Almost) Perfect Triage Tool
WinFE: The (Almost) Perfect Triage ToolWinFE: The (Almost) Perfect Triage Tool
WinFE: The (Almost) Perfect Triage ToolBrent Muir
 
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian CarrierOSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian CarrierBasis Technology
 

Viewers also liked (19)

2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public
 
Mounting virtual hard drives
Mounting virtual hard drivesMounting virtual hard drives
Mounting virtual hard drives
 
Netcat cheat sheet
Netcat cheat sheetNetcat cheat sheet
Netcat cheat sheet
 
Unit B Windows 7
Unit B Windows 7Unit B Windows 7
Unit B Windows 7
 
File carving tools
File carving toolsFile carving tools
File carving tools
 
File system
File systemFile system
File system
 
Translating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityTranslating Geek To Attorneys It Security
Translating Geek To Attorneys It Security
 
Social Media Forensics for Investigators
Social Media Forensics for InvestigatorsSocial Media Forensics for Investigators
Social Media Forensics for Investigators
 
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
Accessioning-Based Metadata Extraction and Iterative Processing: Notes From t...
 
Sleuth kit by echavarro - HABEMUSHACKING
Sleuth kit by echavarro - HABEMUSHACKINGSleuth kit by echavarro - HABEMUSHACKING
Sleuth kit by echavarro - HABEMUSHACKING
 
Anti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and preventionAnti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and prevention
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troyla
 
Raidprep
RaidprepRaidprep
Raidprep
 
NTFS Forensics
NTFS Forensics NTFS Forensics
NTFS Forensics
 
NTFS file system
NTFS file systemNTFS file system
NTFS file system
 
Using and Developing with Open Source Digital Forensics Software in Digital A...
Using and Developing with Open Source Digital Forensics Software in Digital A...Using and Developing with Open Source Digital Forensics Software in Digital A...
Using and Developing with Open Source Digital Forensics Software in Digital A...
 
Windows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsWindows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti Forensics
 
WinFE: The (Almost) Perfect Triage Tool
WinFE: The (Almost) Perfect Triage ToolWinFE: The (Almost) Perfect Triage Tool
WinFE: The (Almost) Perfect Triage Tool
 
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian CarrierOSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
 

Similar to Introduction to memory forensics

Cache memory and virtual memory
Cache memory and virtual memoryCache memory and virtual memory
Cache memory and virtual memoryPrakharBansal29
 
Vmreport
VmreportVmreport
Vmreportmeru2ks
 
Virtual memory
Virtual memoryVirtual memory
Virtual memoryNegar Neda
 
Virtual Memory
Virtual MemoryVirtual Memory
Virtual Memoryvampugani
 
Virtual Memory Management Part - I.pdf
Virtual Memory Management Part - I.pdfVirtual Memory Management Part - I.pdf
Virtual Memory Management Part - I.pdfHarika Pudugosula
 
Power Point Presentation on Virtual Memory.ppt
Power Point Presentation on Virtual Memory.pptPower Point Presentation on Virtual Memory.ppt
Power Point Presentation on Virtual Memory.pptRahulRaj395610
 
local_media3192961381667787861026781.pptx
local_media3192961381667787861026781.pptxlocal_media3192961381667787861026781.pptx
local_media3192961381667787861026781.pptxLyn B
 
Virtual memory
Virtual memoryVirtual memory
Virtual memoryAnuj Modi
 
Virtual memory managment
Virtual memory managmentVirtual memory managment
Virtual memory managmentSantu Kumar
 
Live memory forensics
Live memory forensicsLive memory forensics
Live memory forensicsMehedi Hasan
 
Controlling Memory Footprint at All Layers: Linux Kernel, Applications, Libra...
Controlling Memory Footprint at All Layers: Linux Kernel, Applications, Libra...Controlling Memory Footprint at All Layers: Linux Kernel, Applications, Libra...
Controlling Memory Footprint at All Layers: Linux Kernel, Applications, Libra...peknap
 
Things I wish I knew about GemStone
Things I wish I knew about GemStoneThings I wish I knew about GemStone
Things I wish I knew about GemStoneESUG
 
Driver development – memory management
Driver development – memory managementDriver development – memory management
Driver development – memory managementVandana Salve
 
2019 PHP Serbia - Boosting your performance with Blackfire
2019 PHP Serbia - Boosting your performance with Blackfire2019 PHP Serbia - Boosting your performance with Blackfire
2019 PHP Serbia - Boosting your performance with BlackfireMarko Mitranić
 
Memory Hierarchy.pptx
Memory Hierarchy.pptxMemory Hierarchy.pptx
Memory Hierarchy.pptxGOLDAtomics
 
Windows Internal - Ch9 memory management
Windows Internal - Ch9 memory managementWindows Internal - Ch9 memory management
Windows Internal - Ch9 memory managementKent Huang
 
Linux Memory Management with CMA (Contiguous Memory Allocator)
Linux Memory Management with CMA (Contiguous Memory Allocator)Linux Memory Management with CMA (Contiguous Memory Allocator)
Linux Memory Management with CMA (Contiguous Memory Allocator)Pankaj Suryawanshi
 

Similar to Introduction to memory forensics (20)

Cache memory and virtual memory
Cache memory and virtual memoryCache memory and virtual memory
Cache memory and virtual memory
 
Virtual Memory
Virtual MemoryVirtual Memory
Virtual Memory
 
Vmreport
VmreportVmreport
Vmreport
 
Virtual memory
Virtual memoryVirtual memory
Virtual memory
 
Virtual Memory
Virtual MemoryVirtual Memory
Virtual Memory
 
Virtual Memory Management Part - I.pdf
Virtual Memory Management Part - I.pdfVirtual Memory Management Part - I.pdf
Virtual Memory Management Part - I.pdf
 
Power Point Presentation on Virtual Memory.ppt
Power Point Presentation on Virtual Memory.pptPower Point Presentation on Virtual Memory.ppt
Power Point Presentation on Virtual Memory.ppt
 
local_media3192961381667787861026781.pptx
local_media3192961381667787861026781.pptxlocal_media3192961381667787861026781.pptx
local_media3192961381667787861026781.pptx
 
Virtual memory
Virtual memoryVirtual memory
Virtual memory
 
Virtual memory managment
Virtual memory managmentVirtual memory managment
Virtual memory managment
 
Live memory forensics
Live memory forensicsLive memory forensics
Live memory forensics
 
UNIT IV.pptx
UNIT IV.pptxUNIT IV.pptx
UNIT IV.pptx
 
Controlling Memory Footprint at All Layers: Linux Kernel, Applications, Libra...
Controlling Memory Footprint at All Layers: Linux Kernel, Applications, Libra...Controlling Memory Footprint at All Layers: Linux Kernel, Applications, Libra...
Controlling Memory Footprint at All Layers: Linux Kernel, Applications, Libra...
 
Things I wish I knew about GemStone
Things I wish I knew about GemStoneThings I wish I knew about GemStone
Things I wish I knew about GemStone
 
Driver development – memory management
Driver development – memory managementDriver development – memory management
Driver development – memory management
 
Caveats
CaveatsCaveats
Caveats
 
2019 PHP Serbia - Boosting your performance with Blackfire
2019 PHP Serbia - Boosting your performance with Blackfire2019 PHP Serbia - Boosting your performance with Blackfire
2019 PHP Serbia - Boosting your performance with Blackfire
 
Memory Hierarchy.pptx
Memory Hierarchy.pptxMemory Hierarchy.pptx
Memory Hierarchy.pptx
 
Windows Internal - Ch9 memory management
Windows Internal - Ch9 memory managementWindows Internal - Ch9 memory management
Windows Internal - Ch9 memory management
 
Linux Memory Management with CMA (Contiguous Memory Allocator)
Linux Memory Management with CMA (Contiguous Memory Allocator)Linux Memory Management with CMA (Contiguous Memory Allocator)
Linux Memory Management with CMA (Contiguous Memory Allocator)
 

More from Marco Alamanni

Extracting and analyzing browser,email and IM artifacts
Extracting and analyzing browser,email and IM artifactsExtracting and analyzing browser,email and IM artifacts
Extracting and analyzing browser,email and IM artifactsMarco Alamanni
 
Introduction to forensic imaging
Introduction to forensic imagingIntroduction to forensic imaging
Introduction to forensic imagingMarco Alamanni
 
Brief introduction to digital forensics
Brief introduction to digital forensicsBrief introduction to digital forensics
Brief introduction to digital forensicsMarco Alamanni
 
Trust:concetti generali e teoria formale
Trust:concetti generali e teoria formaleTrust:concetti generali e teoria formale
Trust:concetti generali e teoria formaleMarco Alamanni
 

More from Marco Alamanni (6)

File carving overview
File carving overviewFile carving overview
File carving overview
 
Extracting and analyzing browser,email and IM artifacts
Extracting and analyzing browser,email and IM artifactsExtracting and analyzing browser,email and IM artifacts
Extracting and analyzing browser,email and IM artifacts
 
Introduction to forensic imaging
Introduction to forensic imagingIntroduction to forensic imaging
Introduction to forensic imaging
 
Brief introduction to digital forensics
Brief introduction to digital forensicsBrief introduction to digital forensics
Brief introduction to digital forensics
 
Oracle Database Vault
Oracle Database VaultOracle Database Vault
Oracle Database Vault
 
Trust:concetti generali e teoria formale
Trust:concetti generali e teoria formaleTrust:concetti generali e teoria formale
Trust:concetti generali e teoria formale
 

Recently uploaded

CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceanilsa9823
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 

Recently uploaded (20)

CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 

Introduction to memory forensics

  • 1. Digital forensics with Kali Linux Marco Alamanni Section 6 Memory forensics www.packtpub.com
  • 2. In this Section, we are going to take a look at… • Introduction to virtual memory. • Acquiring a RAM image. • Analyzing a memory image with the Volatility framework.
  • 3. Course Name Author Name Video 6.1 Introduction to memory forensics
  • 4. In this Video, we are going to take a look at… ● Virtual memory management and paging. • Introduction to memory forensics.
  • 5. Introduction to memory forensics ● Memory forensics is the process of acquiring and analyzing the main memory of a system. ● Very important in the live response process, investigating an intrusion or a malware infection. Allows to collect and examine volatile artifacts that in some cases exist only in memory.
  • 6. Introduction to virtual memory ● Virtual memory overcomes the limits of physical memory and maps logical to physical memory addresses. ● Virtual memory is divided into chunks called pages. ● The page table mantains the mapping between pages and the relative physical page frames.
  • 7. Introduction to virtual memory ● Pages are swapped to disk when physical memory lacks according to a page replacement algorithm. ● A page fault is generated when a process refers a logical address of a swapped page. ● The memory manager reads the page from disk and loads it to memory.
  • 8. Introduction to virtual memory ● Windows page file is %SYSTEMDRIVE%pagefile.sys while Unix and Linux use the swap partition. ● The hibernation file stores the contents of RAM before the OS goes to hibernation state. ● On Windows is located at %SYSTEMDRIVEhiberfil.sys while Linux generally uses the swap partition.