SlideShare a Scribd company logo

Memory Forensics

Download as PPTX, PDF
Anshul Tayal
Anshul Tayal

The slides will help you to understand the concept of Memory Forensics and how to conduct it on different platforms (i.e Windows and Linux).

Education
1 of 12
“Memory Forensics ” Session By: Anshul Tayal
Outline • Introduction • What can be found in Memory • Overview of the process • Tools & Techniques • Various Formats • Memory Forensics in Context of Windows Device • Memory Forensics in Context of Linux Device • Hardware Approaches for Memory Forensics • Little discussion on the deference between Windows and Linux Forensics 2
Introduction Digital analysis can be broadly studied under two headings a) Static or Dead analysis where, the target devices that are to be analyzed are shut down and b) Live analysis where, the system stays in the boot mode and is kept alive. The live analysis has become a need with the increase of cyber crime because individuals have started deleting the contents as soon as possible without saving the contents on the hard drive. Hence in order to retrieve more valuable information the forensic analyst needs to examine the volatile memory. 3
Introduction What is Memory Forensics? 4 The science of examining the volatile or live memory is referred to as Memory Forensics.
What can be found in Memory? What can be found in the Main Memory? a) Running Processes. b) Running Threads. c) Password/Keys other related information. d) Live registry hives (in case of windows only). e) Malware presence f) Malicious/ Suspicious activities g) Open Connections to the network In fact anything that processor works upon… 5
Overview of the process Memory Forensics can be studied broadly under three categories: a) Acquisition of memory b) Analyzing the acquired data c) Recovering the evidence 6 Acquisition Analyze Evidences
Tools & Techniques Tools used for the acquisition of the Memory a) For Windows Platform • Belkasoft Live RAM Capturer • FTK Imager • OSForensics • MadiantMemoryz • DumpIt etc. b) For Linux Platform • LiME (Linux Memory Extractor) • Second Look • Fmem etc. 7
Tools & Techniques Tools used for Analyzing the acquired data a) For Windows Platform • Belkasoft Evidence Center • wxHexEditor • Autopsy • Volatility * b) For Linux Platform • Volatility * • The Sleuth Kit (TSK) etc. 8
Various Formats Tools used for the acquisition of the Memory a) Raw Dump (.img/.dd) b) Windows Crash dump format (.bin) c) Memory dump (.mem) d) Commercial Tools Formats • Encase (.E01) • VMware (.Vmem) • FastDump Pro (hpak) 9
Demonstrations 10
11
Memory Forensics

Recommended

Next Generation Memory Forensics
Next Generation Memory ForensicsNext Generation Memory Forensics
Next Generation Memory ForensicsAndrew Case
 
Memory forensics.pptx
Memory forensics.pptxMemory forensics.pptx
Memory forensics.pptx9905234521
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisitionprimeteacher32
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensicsnoorashams
 
Memory forensics
Memory forensicsMemory forensics
Memory forensicsSunil Kumar
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensicsprimeteacher32
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - NotesKranthi
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedurenewbie2019
 

Recommended

Next Generation Memory Forensics
Next Generation Memory ForensicsNext Generation Memory Forensics
Next Generation Memory ForensicsAndrew Case
 
Memory forensics.pptx
Memory forensics.pptxMemory forensics.pptx
Memory forensics.pptx9905234521
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisitionprimeteacher32
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensicsnoorashams
 
Memory forensics
Memory forensicsMemory forensics
Memory forensicsSunil Kumar
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensicsprimeteacher32
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - NotesKranthi
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedurenewbie2019
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System ForensicsArunJS5
 
Digital forensics
Digital forensicsDigital forensics
Digital forensicsyash sawarkar
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsMayank Chaudhari
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensicOnline
 
Data recovery
Data recoveryData recovery
Data recoverybhaumik_c
 
Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensicsn|u - The Open Security Community
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkitMilap Oza
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics abdullah roomi
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows SystemConferencias FIST
 
Mac Forensics
Mac ForensicsMac Forensics
Mac ForensicsCTIN
 
Computer Forensics ppt
Computer Forensics pptComputer Forensics ppt
Computer Forensics pptOECLIB Odisha Electronics Control Library
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptxAmbuj Kumar
 
Introduction to forensic imaging
Introduction to forensic imagingIntroduction to forensic imaging
Introduction to forensic imagingMarco Alamanni
 
Windows Forensic 101
Windows Forensic 101Windows Forensic 101
Windows Forensic 101Digit Oktavianto
 
06 Computer Image Verification and Authentication - Notes
06 Computer Image Verification and Authentication - Notes06 Computer Image Verification and Authentication - Notes
06 Computer Image Verification and Authentication - NotesKranthi
 
Anti forensics-techniques-for-browsing-artifacts
Anti forensics-techniques-for-browsing-artifactsAnti forensics-techniques-for-browsing-artifacts
Anti forensics-techniques-for-browsing-artifactsgaurang17
 
03 Data Recovery - Notes
03 Data Recovery - Notes03 Data Recovery - Notes
03 Data Recovery - NotesKranthi
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 
Linux forensics
Linux forensicsLinux forensics
Linux forensicsSantosh Khadsare
 
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docxLecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docxsmile790243
 
Memory Forensic: Investigating Memory Artefact
Memory Forensic: Investigating Memory ArtefactMemory Forensic: Investigating Memory Artefact
Memory Forensic: Investigating Memory ArtefactSatria Ady Pradana
 

More Related Content

What's hot

Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System ForensicsArunJS5
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsMayank Chaudhari
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensicOnline
 
Data recovery
Data recoveryData recovery
Data recoverybhaumik_c
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkitMilap Oza
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows SystemConferencias FIST
 
Mac Forensics
Mac ForensicsMac Forensics
Mac ForensicsCTIN
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptxAmbuj Kumar
 
Introduction to forensic imaging
Introduction to forensic imagingIntroduction to forensic imaging
Introduction to forensic imagingMarco Alamanni
 
06 Computer Image Verification and Authentication - Notes
06 Computer Image Verification and Authentication - Notes06 Computer Image Verification and Authentication - Notes
06 Computer Image Verification and Authentication - NotesKranthi
 
Anti forensics-techniques-for-browsing-artifacts
Anti forensics-techniques-for-browsing-artifactsAnti forensics-techniques-for-browsing-artifacts
Anti forensics-techniques-for-browsing-artifactsgaurang17
 
03 Data Recovery - Notes
03 Data Recovery - Notes03 Data Recovery - Notes
03 Data Recovery - NotesKranthi
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 

What's hot (20)

Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System Forensics
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensics
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
 
Data recovery
Data recoveryData recovery
Data recovery
 
Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensics
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkit
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows System
 
Mac Forensics
Mac ForensicsMac Forensics
Mac Forensics
 
Computer Forensics ppt
Computer Forensics pptComputer Forensics ppt
Computer Forensics ppt
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptx
 
Introduction to forensic imaging
Introduction to forensic imagingIntroduction to forensic imaging
Introduction to forensic imaging
 
Windows Forensic 101
Windows Forensic 101Windows Forensic 101
Windows Forensic 101
 
06 Computer Image Verification and Authentication - Notes
06 Computer Image Verification and Authentication - Notes06 Computer Image Verification and Authentication - Notes
06 Computer Image Verification and Authentication - Notes
 
Anti forensics-techniques-for-browsing-artifacts
Anti forensics-techniques-for-browsing-artifactsAnti forensics-techniques-for-browsing-artifacts
Anti forensics-techniques-for-browsing-artifacts
 
03 Data Recovery - Notes
03 Data Recovery - Notes03 Data Recovery - Notes
03 Data Recovery - Notes
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes
 
Linux forensics
Linux forensicsLinux forensics
Linux forensics
 

Similar to Memory Forensics

Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docxLecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docxsmile790243
 
Memory Forensic: Investigating Memory Artefact
Memory Forensic: Investigating Memory ArtefactMemory Forensic: Investigating Memory Artefact
Memory Forensic: Investigating Memory ArtefactSatria Ady Pradana
 
Memory Forensic - Investigating Memory Artefact
Memory Forensic - Investigating Memory ArtefactMemory Forensic - Investigating Memory Artefact
Memory Forensic - Investigating Memory ArtefactSatria Ady Pradana
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidenceOnline
 
Electornic evidence collection
Electornic evidence collectionElectornic evidence collection
Electornic evidence collectionFakrul Alam
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory ForensicsIIJ
 
Modern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layerModern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layerShakacon
 
Live memory analysis tools and techniques in linux environment tech foring
Live memory analysis tools and techniques in linux environment tech foringLive memory analysis tools and techniques in linux environment tech foring
Live memory analysis tools and techniques in linux environment tech foringSheikh Foyjul Islam
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolsN.Jagadish Kumar
 
2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - publicSandro Suffert
 
DigitalForensics.ppt
DigitalForensics.pptDigitalForensics.ppt
DigitalForensics.pptssuserba01a3
 

Similar to Memory Forensics (20)

Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docxLecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
 
Memory Forensic: Investigating Memory Artefact
Memory Forensic: Investigating Memory ArtefactMemory Forensic: Investigating Memory Artefact
Memory Forensic: Investigating Memory Artefact
 
Memory Forensic - Investigating Memory Artefact
Memory Forensic - Investigating Memory ArtefactMemory Forensic - Investigating Memory Artefact
Memory Forensic - Investigating Memory Artefact
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
 
Autopsy Digital forensics tool
Autopsy Digital forensics toolAutopsy Digital forensics tool
Autopsy Digital forensics tool
 
Electornic evidence collection
Electornic evidence collectionElectornic evidence collection
Electornic evidence collection
 
Dracos forensic flavor
Dracos forensic flavorDracos forensic flavor
Dracos forensic flavor
 
DracOs Forensic Flavor
DracOs Forensic FlavorDracOs Forensic Flavor
DracOs Forensic Flavor
 
3871778
38717783871778
3871778
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
You suck at Memory Analysis
You suck at Memory AnalysisYou suck at Memory Analysis
You suck at Memory Analysis
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory Forensics
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Modern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layerModern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layer
 
Live memory analysis tools and techniques in linux environment tech foring
Live memory analysis tools and techniques in linux environment tech foringLive memory analysis tools and techniques in linux environment tech foring
Live memory analysis tools and techniques in linux environment tech foring
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software tools
 
2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public
 
DigitalForensics.ppt
DigitalForensics.pptDigitalForensics.ppt
DigitalForensics.ppt
 
DigitalForensics.ppt
DigitalForensics.pptDigitalForensics.ppt
DigitalForensics.ppt
 

Recently uploaded

call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxChelloAnnAsuncion2
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Planning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxPlanning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxLigayaBacuel1
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 

Recently uploaded (20)

call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Planning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxPlanning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 

Memory Forensics

  • 2. Outline • Introduction • What can be found in Memory • Overview of the process • Tools & Techniques • Various Formats • Memory Forensics in Context of Windows Device • Memory Forensics in Context of Linux Device • Hardware Approaches for Memory Forensics • Little discussion on the deference between Windows and Linux Forensics 2
  • 3. Introduction Digital analysis can be broadly studied under two headings a) Static or Dead analysis where, the target devices that are to be analyzed are shut down and b) Live analysis where, the system stays in the boot mode and is kept alive. The live analysis has become a need with the increase of cyber crime because individuals have started deleting the contents as soon as possible without saving the contents on the hard drive. Hence in order to retrieve more valuable information the forensic analyst needs to examine the volatile memory. 3
  • 4. Introduction What is Memory Forensics? 4 The science of examining the volatile or live memory is referred to as Memory Forensics.
  • 5. What can be found in Memory? What can be found in the Main Memory? a) Running Processes. b) Running Threads. c) Password/Keys other related information. d) Live registry hives (in case of windows only). e) Malware presence f) Malicious/ Suspicious activities g) Open Connections to the network In fact anything that processor works upon… 5
  • 6. Overview of the process Memory Forensics can be studied broadly under three categories: a) Acquisition of memory b) Analyzing the acquired data c) Recovering the evidence 6 Acquisition Analyze Evidences
  • 7. Tools & Techniques Tools used for the acquisition of the Memory a) For Windows Platform • Belkasoft Live RAM Capturer • FTK Imager • OSForensics • MadiantMemoryz • DumpIt etc. b) For Linux Platform • LiME (Linux Memory Extractor) • Second Look • Fmem etc. 7
  • 8. Tools & Techniques Tools used for Analyzing the acquired data a) For Windows Platform • Belkasoft Evidence Center • wxHexEditor • Autopsy • Volatility * b) For Linux Platform • Volatility * • The Sleuth Kit (TSK) etc. 8
  • 9. Various Formats Tools used for the acquisition of the Memory a) Raw Dump (.img/.dd) b) Windows Crash dump format (.bin) c) Memory dump (.mem) d) Commercial Tools Formats • Encase (.E01) • VMware (.Vmem) • FastDump Pro (hpak) 9
  • 11. 11