%69 %5 %0 SafeAssign Originality Report Digital Forensics Tools & Tchq - 202040 - CRN127 - Rucker • Week Eight Assignment %74Total Score: High riskVenkatesh Bodhupally Submission UUID: 680cd83f-65c1-b609-7c13-c42c95f8db1c Total Number of Reports 1 Highest Match 74 % forensictools.docx Average Match 74 % Submitted on 04/30/20 05:27 PM EDT Average Word Count 564 Highest: forensictools.docx %74Attachment 1 Institutional database (2) Student paper Student paper Scholarly journals & publications (2) ProQuest document ProQuest document Internet (1) dfrws Top sources (3) Excluded sources (0) View Originality Report - Old Design Word Count: 564 forensictools.docx 2 5 4 3 1 2 Student paper 4 ProQuest document 5 Student paper https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport?attemptId=4b21db19-c753-4a4c-bf5f-5fa5c168286f&course_id=_47023_1&download=true&includeDeleted=true&print=true&force=true Source Matches (13) dfrws 66% Student paper 100% Student paper 100% Running Head: INVESTIGATIONS AND FORENSICS 1 INVESTIGATIONS AND FORENSICS 4 Tools in Memory Forensics Venkatesh Bodhupally NEC. Some of the tools applicable in the collection of live memory images in media include; volatility suite (Htun, Thwin & San, 2018). This tool or program analyzes the RAM and has support from different operating systems such as Linux and windows. RAW and VMWare are also analyzable by this tool, with no issues arising. Rekall is a tool used by investigators and responders since it features in analyzing other tools and acquiescing them. It's not a single application but a forensic framework (Socała & Cohen, 2016). Helix ISO, a live disk that helps in capturing of memory images in a system and memory dumping. This type of tool has some risks associated with it that make it not able to run directly into a system such as acquisition footprint Other tools include; process hacker which is an application that monitors application, and it can be run when the machine that is on target is on use. The tool makes an investigator understand the issue affecting the system before a snapshot of the memory is taken (Eden, Pontypridd, Cherdantseva, & Stoddart, 2016). The tool can also help in uncovering processes that are malicious and in identifying terminated processes in a set period. Investigators also use or can use Belk soft RAM capture, which allows capturing of the volatile section of system memory into a file. Belksoft RAM capture is a criminology device that has a free unpredictable memory, and it is used in catching the live RAM. Belksoft RAM capture has drivers worth 32-bit and 64-bit; that's why this tool is used in overcoming anti-debugging as well as anti-dumping systems. Ftk Imager is a tool that catches the live RAM. At a time picture, this type of tool makes a tiny bit alongside slack space. This type of tool is not capable of dividing or dissecting the memory dump that is caught (Venkateswara Rao, & Ch.

1. %69
%5
%0
SafeAssign Originality Report
Digital Forensics Tools & Tchq - 202040 - CRN127 - Rucker •
Week Eight Assignment
%74Total Score: High riskVenkatesh Bodhupally
Submission UUID: 680cd83f-65c1-b609-7c13-c42c95f8db1c
Total Number of Reports
1
Highest Match
74 %
forensictools.docx
Average Match
74 %
Submitted on
04/30/20
05:27 PM EDT
Average Word Count
564

2. Highest: forensictools.docx
%74Attachment 1
Institutional database (2)
Student paper Student paper
Scholarly journals & publications (2)
ProQuest document ProQuest document
Internet (1)
dfrws
Top sources (3)
Excluded sources (0)
View Originality Report - Old Design
Word Count: 564
forensictools.docx
2 5
4 3
1
2 Student paper 4 ProQuest document 5 Student paper
https://blackboard.nec.edu/webapps/mdb-sa-
BB5b75a0e7334a9/originalityReport?attemptId=4b21db19-
c753-4a4c-bf5f-

3. 5fa5c168286f&course_id=_47023_1&download=true&includeD
eleted=true&print=true&force=true
Source Matches (13)
dfrws 66%
Student paper 100%
Student paper 100%
Running Head: INVESTIGATIONS AND FORENSICS 1
INVESTIGATIONS AND FORENSICS 4
Tools in Memory Forensics
Venkatesh Bodhupally
NEC.
Some of the tools applicable in the collection of live memory
images in media include; volatility suite (Htun, Thwin & San,
2018). This tool or program analyzes the
RAM and has support from different operating systems such as
Linux and windows. RAW and VMWare are also analyzable by
this tool, with no issues arising. Rekall is
a tool used by investigators and responders since it features in
analyzing other tools and acquiescing them. It's not a single
application but a forensic framework
(Socała & Cohen, 2016). Helix ISO, a live disk that helps in
capturing of memory images in a system and memory dumping.
This type of tool has some risks associated
with it that make it not able to run directly into a system such as

4. acquisition footprint Other tools include; process hacker which
is an application that monitors
application, and it can be run when the machine that is on target
is on use. The tool makes an investigator understand the issue
affecting the system before a
snapshot of the memory is taken (Eden, Pontypridd,
Cherdantseva, & Stoddart, 2016). The tool can also help in
uncovering processes that are malicious and in
identifying terminated processes in a set period. Investigators
also use or can use Belk soft RAM capture, which allows
capturing of the volatile section of system
memory into a file. Belksoft RAM capture is a criminology
device that has a free unpredictable memory, and it is used in
catching the live RAM. Belksoft RAM capture
has drivers worth 32-bit and 64-bit; that's why this tool is used
in overcoming anti-debugging as well as anti-dumping systems.
Ftk Imager is a tool that catches the live
RAM. At a time picture, this type of tool makes a tiny bit
alongside slack space. This type of tool is not capable of
dividing or dissecting the memory dump that is
caught (Venkateswara Rao, & Chakravarthy, 2016). A yearly
subscription for Ftk Imager is $2,227, and a perpetual license
goes for $3,995. Windows SCOPE is a tool
used in windows 10 but when accommodating bolster. In terms
of security breaks, this tool offers excellent reminiscence crime
scenes investigations. Windows SCOPE
is worth $9,899 when purchased in each year. This tool
presently been offering cloud rentals. Windows SCOPE can also
achieve reverse-engineering in the whole
gadget form corporal memory.
References Eden, P., Pontypridd, C., Blyth, A., Burnap, P.,
Cherdantseva, Y., Jones, K.,... & Stoddart, K. (2016). Forensic
Readiness for SCADA/ICS Incident. In
Proceedings of the 4th International Symposium for ICS &

5. SCADA Cyber Security Research (p. 142). Retrieved from
https://www.scienceopen.com/hosteddocument?
doi=10.14236/ewic/ICSCSR2016.0 Htun, N. L., Thwin, M. M.
S., & San, C. C. (2018, July). Evidence Data Collection with
ANDROSICS Tool for Android
Forensics. In 2018 10th International Conference on
Information Technology and Electrical Engineering (ICITEE)
(pp. 353-358). IEEE. Retrieved from
https://ieeexplore.ieee.org/abstract/document/8534760/ Socała,
A., & Cohen, M. (2016). Automatic profile generation for live
Linux Memory analysis. Digital
Investigation, 16, S11-S24. Retrieved from
https://www.sciencedirect.com/science/article/pii/S1742287616
000050
Venkateswara Rao, V., & Chakravarthy, A. S. N. (2016). Survey
on android forensic tools and methodologies. International
Journal of Computer Applications, 154(8), 17-
21. Retrieved from
https://pdfs.semanticscholar.org/7f9c/b432a610d08dd4eda2cda5
c17feacfa08863.pdf
1
2
2 2
2 2 2
3
2

6. 4
5
1
Student paper
Tools in Memory Forensics
Original source
Memory Forensics I
2
Student paper
Some of the tools applicable in the
collection of live memory images in
media include; volatility suite (Htun,
Thwin & San, 2018). This tool or program
analyzes the RAM and has support from
different operating systems such as
Linux and windows. RAW and VMWare
are also analyzable by this tool, with no
issues arising.
Original source
Some of the tools applicable in collection
of live memory images in media include
volatility suite (Htun, Thwin & San, 2018)
This tool or program analyzes the RAM
and has support from different operating

7. systems such as Linux and windows
RAW, VMWare are also analyzable by this
tool with no issues arising
2
Student paper
Rekall is a tool used by investigators and
responders since it features in analyzing
other tools and acquiescing them. It's not
a single application but a forensic
framework (Socała & Cohen, 2016). Helix
ISO, a live disk that helps in capturing of
memory images in a system and memory
dumping. This type of tool has some risks
associated with it that make it not able to
run directly into a system such as
acquisition footprint Other tools include;
Original source
Rekall is a tool used by investigators and
responders since it features in analyzing
other tools and acquiescing them It’s not
a single application but a forensic
framework (Socała & Cohen, 2016) Helix
ISO, a live disk that helps in capturing of
memory images in a system and memory
dumping This type of tool has some risks
associated with it that make it not able to
run directly into a system such as
acquisition footprint Other tools include

8. Student paper 98%
Student paper 91%
Student paper 100%
Student paper 100%
Student paper 100%
Student paper 100%
ProQuest document 75%
Student paper 100%
ProQuest document 88%
Student paper 76%
2
Student paper
process hacker which is an application
that monitors application, and it can be
run when the machine that is on target is
on use. The tool makes an investigator
understand the issue affecting the
system before a snapshot of the memory
is taken (Eden, Pontypridd,
Cherdantseva, & Stoddart, 2016). The
tool can also help in uncovering
processes that are malicious and in
identifying terminated processes in a set
period. Investigators also use or can use

9. Belk soft RAM capture, which allows
capturing of the volatile section of
system memory into a file.
Original source
process hacker an application that
monitors application and it can be run
when the machine that is on target is on
use The tool makes an investigator
understand the issue affecting the
system before a snapshot of the memory
is taken (Eden, Pontypridd,
Cherdantseva, & Stoddart, 2016) The tool
can also help in uncovering processes
that are malicious and in identifying
terminated processes in a set period of
time Investigators also use or can use
Belk soft RAM capture which allows
capturing of the volatile section of
system memory into a file
2
Student paper
References Eden, P., Pontypridd, C.,
Blyth, A., Burnap, P., Cherdantseva, Y.,
Jones, K.,...
Original source
3) Eden, P., Pontypridd, C., Blyth, A.,
Burnap, P., Cherdantseva, Y., Jones, K.,
2

10. Student paper
Forensic Readiness for SCADA/ICS
Incident. In Proceedings of the 4th
International Symposium for ICS &
SCADA Cyber Security Research (p.
Original source
Forensic Readiness for SCADA/ICS
Incident In Proceedings of the 4th
International Symposium for ICS &
SCADA Cyber Security Research (p
2
Student paper
L., Thwin, M.
Original source
L., Thwin, M
2
Student paper
S., & San, C.
Original source
S., & San, C
2

11. Student paper
Evidence Data Collection with
ANDROSICS Tool for Android Forensics.
In 2018 10th International Conference on
Information Technology and Electrical
Engineering (ICITEE) (pp.
Original source
Evidence Data Collection with
ANDROSICS Tool for Android Forensics In
2018 10th International Conference on
Information Technology and Electrical
Engineering (ICITEE) (pp
3
Student paper
Retrieved from
https://ieeexplore.ieee.org/abstract/docu
ment/8534760/ Socała, A., & Cohen, M.
Original source
Retrieved from
https://ieeexplore.ieee.org/abstract/docu
ment/4147979
2
Student paper
Automatic profile generation for live

12. Linux Memory analysis. Digital
Investigation, 16, S11-S24.
Original source
Automatic profile generation for live
Linux Memory analysis Digital
Investigation, 16, S11-S24
4
Student paper
Retrieved from
https://www.sciencedirect.com/science/a
rticle/pii/S1742287616000050
Original source
Retrieved from
https://www.sciencedirect.com/science/a
rticle/pii/S016762961500082X
5
Student paper
Retrieved from
https://pdfs.semanticscholar.org/7f9c/b4
32a610d08dd4eda2cda5c17feacfa08863.
pdf
Original source
Retrieved from
https://pdfs.semanticscholar.org/6447/3

13. 95a2f7649ec609aabdd28863c506d3d939
9.pdf