SlideShare una empresa de Scribd logo

Memory Forensics

Descargar como PPTX, PDF
Anshul Tayal
Anshul Tayal

The slides will help you to understand the concept of Memory Forensics and how to conduct it on different platforms (i.e Windows and Linux).

Educación
1 de 12
“Memory Forensics ” Session By: Anshul Tayal
Outline • Introduction • What can be found in Memory • Overview of the process • Tools & Techniques • Various Formats • Memory Forensics in Context of Windows Device • Memory Forensics in Context of Linux Device • Hardware Approaches for Memory Forensics • Little discussion on the deference between Windows and Linux Forensics 2
Introduction Digital analysis can be broadly studied under two headings a) Static or Dead analysis where, the target devices that are to be analyzed are shut down and b) Live analysis where, the system stays in the boot mode and is kept alive. The live analysis has become a need with the increase of cyber crime because individuals have started deleting the contents as soon as possible without saving the contents on the hard drive. Hence in order to retrieve more valuable information the forensic analyst needs to examine the volatile memory. 3
Introduction What is Memory Forensics? 4 The science of examining the volatile or live memory is referred to as Memory Forensics.
What can be found in Memory? What can be found in the Main Memory? a) Running Processes. b) Running Threads. c) Password/Keys other related information. d) Live registry hives (in case of windows only). e) Malware presence f) Malicious/ Suspicious activities g) Open Connections to the network In fact anything that processor works upon… 5
Overview of the process Memory Forensics can be studied broadly under three categories: a) Acquisition of memory b) Analyzing the acquired data c) Recovering the evidence 6 Acquisition Analyze Evidences
Tools & Techniques Tools used for the acquisition of the Memory a) For Windows Platform • Belkasoft Live RAM Capturer • FTK Imager • OSForensics • MadiantMemoryz • DumpIt etc. b) For Linux Platform • LiME (Linux Memory Extractor) • Second Look • Fmem etc. 7
Tools & Techniques Tools used for Analyzing the acquired data a) For Windows Platform • Belkasoft Evidence Center • wxHexEditor • Autopsy • Volatility * b) For Linux Platform • Volatility * • The Sleuth Kit (TSK) etc. 8
Various Formats Tools used for the acquisition of the Memory a) Raw Dump (.img/.dd) b) Windows Crash dump format (.bin) c) Memory dump (.mem) d) Commercial Tools Formats • Encase (.E01) • VMware (.Vmem) • FastDump Pro (hpak) 9
Demonstrations 10
11
Memory Forensics

Recomendados

Memory forensics
Memory forensicsMemory forensics
Memory forensicsSunil Kumar
 
Memory forensics.pptx
Memory forensics.pptxMemory forensics.pptx
Memory forensics.pptx9905234521
 
Next Generation Memory Forensics
Next Generation Memory ForensicsNext Generation Memory Forensics
Next Generation Memory ForensicsAndrew Case
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics abdullah roomi
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System ForensicsArunJS5
 
Computer Forensic
Computer ForensicComputer Forensic
Computer ForensicTawhidur Rahman
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensicsprimeteacher32
 
Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensicsn|u - The Open Security Community
 

Recomendados

Memory forensics
Memory forensicsMemory forensics
Memory forensicsSunil Kumar
 
Memory forensics.pptx
Memory forensics.pptxMemory forensics.pptx
Memory forensics.pptx9905234521
 
Next Generation Memory Forensics
Next Generation Memory ForensicsNext Generation Memory Forensics
Next Generation Memory ForensicsAndrew Case
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics abdullah roomi
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System ForensicsArunJS5
 
Computer Forensic
Computer ForensicComputer Forensic
Computer ForensicTawhidur Rahman
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensicsprimeteacher32
 
Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensicsn|u - The Open Security Community
 
Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)AltheimPrivacy
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensicOnline
 
L6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxL6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxBhupeshkumar Nanhe
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1Manu Mathew Cherian
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic pptPriya Manik
 
Role of a Forensic Investigator
Role of a Forensic InvestigatorRole of a Forensic Investigator
Role of a Forensic InvestigatorAgape Inc
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic pptSuchita Rawat
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
Network forensics1
Network forensics1Network forensics1
Network forensics1Santosh Khadsare
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
Computer forensic
Computer forensicComputer forensic
Computer forensicbhavithd
 
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced ActorsMemory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced ActorsJared Greenhill
 
Cyber Forensics & Challenges
Cyber Forensics & ChallengesCyber Forensics & Challenges
Cyber Forensics & ChallengesDeepak Kumar (D3)
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wiresharkn|u - The Open Security Community
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Anpumathews
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
DF Process Models
DF Process ModelsDF Process Models
DF Process ModelsCostas Katsavounidis
 
Windows forensic artifacts
Windows forensic artifactsWindows forensic artifacts
Windows forensic artifactsn|u - The Open Security Community
 
Live memory forensics
Live memory forensicsLive memory forensics
Live memory forensicsMehedi Hasan
 
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docxLecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docxsmile790243
 
Memory Forensic: Investigating Memory Artefact
Memory Forensic: Investigating Memory ArtefactMemory Forensic: Investigating Memory Artefact
Memory Forensic: Investigating Memory ArtefactSatria Ady Pradana
 

Más contenido relacionado

La actualidad más candente

Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)AltheimPrivacy
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensicOnline
 
L6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxL6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxBhupeshkumar Nanhe
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic pptPriya Manik
 
Role of a Forensic Investigator
Role of a Forensic InvestigatorRole of a Forensic Investigator
Role of a Forensic InvestigatorAgape Inc
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic pptSuchita Rawat
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
Computer forensic
Computer forensicComputer forensic
Computer forensicbhavithd
 
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced ActorsMemory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced ActorsJared Greenhill
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Anpumathews
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
Live memory forensics
Live memory forensicsLive memory forensics
Live memory forensicsMehedi Hasan
 

La actualidad más candente (20)

Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
 
L6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxL6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptx
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic ppt
 
Role of a Forensic Investigator
Role of a Forensic InvestigatorRole of a Forensic Investigator
Role of a Forensic Investigator
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic ppt
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Network forensics1
Network forensics1Network forensics1
Network forensics1
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
 
Computer forensic
Computer forensicComputer forensic
Computer forensic
 
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced ActorsMemory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
 
Cyber Forensics & Challenges
Cyber Forensics & ChallengesCyber Forensics & Challenges
Cyber Forensics & Challenges
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
DF Process Models
DF Process ModelsDF Process Models
DF Process Models
 
Windows forensic artifacts
Windows forensic artifactsWindows forensic artifacts
Windows forensic artifacts
 
Live memory forensics
Live memory forensicsLive memory forensics
Live memory forensics
 

Similar a Memory Forensics

Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docxLecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docxsmile790243
 
Memory Forensic: Investigating Memory Artefact
Memory Forensic: Investigating Memory ArtefactMemory Forensic: Investigating Memory Artefact
Memory Forensic: Investigating Memory ArtefactSatria Ady Pradana
 
Memory Forensic - Investigating Memory Artefact
Memory Forensic - Investigating Memory ArtefactMemory Forensic - Investigating Memory Artefact
Memory Forensic - Investigating Memory ArtefactSatria Ady Pradana
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidenceOnline
 
Electornic evidence collection
Electornic evidence collectionElectornic evidence collection
Electornic evidence collectionFakrul Alam
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory ForensicsIIJ
 
Modern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layerModern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layerShakacon
 
Live memory analysis tools and techniques in linux environment tech foring
Live memory analysis tools and techniques in linux environment tech foringLive memory analysis tools and techniques in linux environment tech foring
Live memory analysis tools and techniques in linux environment tech foringSheikh Foyjul Islam
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolsN.Jagadish Kumar
 
2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - publicSandro Suffert
 
DigitalForensics.ppt
DigitalForensics.pptDigitalForensics.ppt
DigitalForensics.pptssuserba01a3
 

Similar a Memory Forensics (20)

Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docxLecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
Lecture 09 - Memory Forensics.pdfL E C T U R E 9 B Y .docx
 
Memory Forensic: Investigating Memory Artefact
Memory Forensic: Investigating Memory ArtefactMemory Forensic: Investigating Memory Artefact
Memory Forensic: Investigating Memory Artefact
 
Memory Forensic - Investigating Memory Artefact
Memory Forensic - Investigating Memory ArtefactMemory Forensic - Investigating Memory Artefact
Memory Forensic - Investigating Memory Artefact
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
 
Autopsy Digital forensics tool
Autopsy Digital forensics toolAutopsy Digital forensics tool
Autopsy Digital forensics tool
 
Electornic evidence collection
Electornic evidence collectionElectornic evidence collection
Electornic evidence collection
 
Dracos forensic flavor
Dracos forensic flavorDracos forensic flavor
Dracos forensic flavor
 
DracOs Forensic Flavor
DracOs Forensic FlavorDracOs Forensic Flavor
DracOs Forensic Flavor
 
3871778
38717783871778
3871778
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
You suck at Memory Analysis
You suck at Memory AnalysisYou suck at Memory Analysis
You suck at Memory Analysis
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory Forensics
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Modern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layerModern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layer
 
Live memory analysis tools and techniques in linux environment tech foring
Live memory analysis tools and techniques in linux environment tech foringLive memory analysis tools and techniques in linux environment tech foring
Live memory analysis tools and techniques in linux environment tech foring
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software tools
 
2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public
 
DigitalForensics.ppt
DigitalForensics.pptDigitalForensics.ppt
DigitalForensics.ppt
 
DigitalForensics.ppt
DigitalForensics.pptDigitalForensics.ppt
DigitalForensics.ppt
 

Último

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 

Último (20)

Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 

Memory Forensics

  • 2. Outline • Introduction • What can be found in Memory • Overview of the process • Tools & Techniques • Various Formats • Memory Forensics in Context of Windows Device • Memory Forensics in Context of Linux Device • Hardware Approaches for Memory Forensics • Little discussion on the deference between Windows and Linux Forensics 2
  • 3. Introduction Digital analysis can be broadly studied under two headings a) Static or Dead analysis where, the target devices that are to be analyzed are shut down and b) Live analysis where, the system stays in the boot mode and is kept alive. The live analysis has become a need with the increase of cyber crime because individuals have started deleting the contents as soon as possible without saving the contents on the hard drive. Hence in order to retrieve more valuable information the forensic analyst needs to examine the volatile memory. 3
  • 4. Introduction What is Memory Forensics? 4 The science of examining the volatile or live memory is referred to as Memory Forensics.
  • 5. What can be found in Memory? What can be found in the Main Memory? a) Running Processes. b) Running Threads. c) Password/Keys other related information. d) Live registry hives (in case of windows only). e) Malware presence f) Malicious/ Suspicious activities g) Open Connections to the network In fact anything that processor works upon… 5
  • 6. Overview of the process Memory Forensics can be studied broadly under three categories: a) Acquisition of memory b) Analyzing the acquired data c) Recovering the evidence 6 Acquisition Analyze Evidences
  • 7. Tools & Techniques Tools used for the acquisition of the Memory a) For Windows Platform • Belkasoft Live RAM Capturer • FTK Imager • OSForensics • MadiantMemoryz • DumpIt etc. b) For Linux Platform • LiME (Linux Memory Extractor) • Second Look • Fmem etc. 7
  • 8. Tools & Techniques Tools used for Analyzing the acquired data a) For Windows Platform • Belkasoft Evidence Center • wxHexEditor • Autopsy • Volatility * b) For Linux Platform • Volatility * • The Sleuth Kit (TSK) etc. 8
  • 9. Various Formats Tools used for the acquisition of the Memory a) Raw Dump (.img/.dd) b) Windows Crash dump format (.bin) c) Memory dump (.mem) d) Commercial Tools Formats • Encase (.E01) • VMware (.Vmem) • FastDump Pro (hpak) 9
  • 11. 11