Memory Forensics

388 views 12 slides Jan 19, 2019

About This Presentation

The slides will help you understand the concept of memory forensics and how to conduct it on different platforms (i.e. Windows and Linux).


Slide Content

Slide 1: "Memory Forensics", session by Anshul Tayal

Slide 2: Outline
- Introduction
- What can be found in memory
- Overview of the process
- Tools & techniques
- Various formats
- Memory forensics in the context of a Windows device
- Memory forensics in the context of a Linux device
- Hardware approaches for memory forensics
- A short discussion on the difference between Windows and Linux forensics

Slide 3: Introduction
Digital analysis can be broadly studied under two headings: static (dead) analysis, where the target devices to be analyzed are shut down, and live analysis, where the system stays booted and is kept running. Live analysis has become a necessity with the increase in cybercrime, because individuals have started deleting content as soon as possible, without ever saving it to the hard drive. Hence, in order to retrieve more valuable information, the forensic analyst needs to examine the volatile memory.

Slide 4: Introduction: What is Memory Forensics?
The science of examining volatile (live) memory is referred to as memory forensics.

Slide 5: What can be found in memory?
What can be found in the main memory?
- Running processes
- Running threads
- Passwords, keys and other related information
- Live registry hives (Windows only)
- Malware presence
- Malicious or suspicious activities
- Open network connections
- In fact, anything the processor works upon...

Slide 6: Overview of the process
Memory forensics can be studied broadly under three categories:
- Acquisition of memory
- Analyzing the acquired data
- Recovering the evidence

Slide 7: Tools & Techniques
Tools used for the acquisition of memory:
For the Windows platform:
- Belkasoft Live RAM Capturer
- FTK Imager
- OSForensics
- Mandiant Memoryze
- DumpIt
- etc.
For the Linux platform:
- LiME (Linux Memory Extractor)
- Second Look
- fmem
- etc.

Slide 8: Tools & Techniques
Tools used for analyzing the acquired data:
For the Windows platform:
- Belkasoft Evidence Center
- wxHexEditor
- Autopsy
- Volatility*
For the Linux platform:
- Volatility*
- The Sleuth Kit (TSK)
- etc.
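Before a profile-aware analyzer such as Volatility is brought in, a first pass over the raw image with a strings-style scan is common triage: it surfaces the file paths, URLs and addresses that slide 5 lists as recoverable artefacts. The script below is an added example and is not part of Anshul Tayal's presentation. SAMPLE_IMAGE is constructed test data (not a real capture), and the indicator patterns in INDICATOR_PATTERNS are my own choice of a minimal triage set. Unlike the plain strings(1) tool, it also reports UTF-16LE runs, which is what most Windows in-memory strings look like.

```python
"""Strings-style triage of a raw memory image (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed sample standing in for a slice of a raw memory image; it is not
# a real capture. It mixes binary filler with an ASCII file path, a URL stored
# as UTF-16LE (the encoding Windows uses for most in-memory strings), and an
# IPv4 address with a port, the kind of artefacts the slides list.
SAMPLE_IMAGE = (
    b"\x00\x00\x90\x90"
    + b"C:\\Users\\analyst\\Documents\\notes.txt"
    + b"\x00\x00\xff\x00"
    + "https://example.org/login".encode("utf-16-le")
    + b"\x00\x00\x00\x00\x7f\x00"
    + b"10.0.0.5:443"
    + b"\x01\x02"
    + b"ab"            # shorter than MIN_LEN, must not be reported
    + b"\x00" * 8
)

MIN_LEN = 4  # same default as the strings(1) tool


def extract_strings(image: bytes, min_len: int = MIN_LEN) -> List[Tuple[int, str, str]]:
    """Return (offset, encoding, text) for every printable run in the image,
    sorted by offset. Both ASCII and UTF-16LE runs are reported: searching a
    Windows dump for ASCII only would miss most of its strings."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # UTF-16LE of a printable ASCII character is that byte followed by a NUL.
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    hits = [(m.start(), "ascii", m.group().decode("ascii"))
            for m in ascii_re.finditer(image)]
    hits += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
             for m in utf16_re.finditer(image)]
    return sorted(hits)


# Indicator classes an analyst typically pulls out first. The IPv4 pattern is
# deliberately loose (it accepts 999.999.999.999); it is a triage filter, not
# a validator.
INDICATOR_PATTERNS = {
    "url": re.compile(r"https?://\S+"),
    "windows_path": re.compile(r"^[A-Za-z]:\\"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}


def triage(image: bytes) -> Dict[str, List[Tuple[int, str]]]:
    """Group extracted strings by indicator type as (offset, text) so network
    and filesystem artefacts can be reviewed without reading the full listing."""
    found: Dict[str, List[Tuple[int, str]]] = {k: [] for k in INDICATOR_PATTERNS}
    for offset, _encoding, text in extract_strings(image):
        for kind, pattern in INDICATOR_PATTERNS.items():
            if pattern.search(text):
                found[kind].append((offset, text))
    return found


if __name__ == "__main__":
    for offset, encoding, text in extract_strings(SAMPLE_IMAGE):
        print(f"{offset:#010x} {encoding:<8} {text}")
    for kind, hits in triage(SAMPLE_IMAGE).items():
        print(kind, hits)
```

On a real image, replace SAMPLE_IMAGE with the file's bytes (memory-mapped for multi-gigabyte dumps) and keep the offsets: they are what you will later hand to a hex editor such as wxHexEditor, or correlate with the process that owned the page once Volatility has mapped it.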

Slide 9: Various Formats
Formats produced by memory acquisition tools:
- Raw dump (.img/.dd)
- Windows crash dump format (.bin)
- Memory dump (.mem)
Commercial tool formats:
- EnCase (.E01)
- VMware (.vmem)
- FastDump Pro (.hpak)
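Knowing which of these containers you have been handed is the first analysis step, because only the raw formats can be fed to a tool as-is. The script below is an added example, not part of the presentation: it tells the headered formats on the slide apart by their leading bytes, walks the per-range headers of a LiME dump so that a physical address can be read back through the segment table, and records a SHA-256 at acquisition time for the chain of custody. The signatures used (PAGEDUMP/PAGEDU64 for Windows crash dumps, the EVF signature for EnCase EWF, and the 32-byte LiME range header) are the documented layouts of those formats; SAMPLE_LIME is constructed test data, raw .img/.dd/.mem/.vmem files have no header and can only be reported as a fallback, and FastDump Pro .hpak is not covered.

```python
"""Container-format identification, LiME segment parsing and an integrity
record for an acquired memory image (added example)."""
import hashlib
import struct
from typing import Dict, List, Optional, Tuple

# Leading bytes of the headered formats from the slide. Raw dumps (.img/.dd,
# .mem, VMware .vmem) have no header at all, so "raw" is only a fallback and
# never a positive identification; FastDump Pro .hpak is not covered here.
SIGNATURES: List[Tuple[bytes, str]] = [
    (b"PAGEDU64", "windows_crash_dump_64"),
    (b"PAGEDUMP", "windows_crash_dump_32"),
    (b"EVF\x09\x0d\x0a\xff\x00", "ewf_e01"),
    (b"EMiL", "lime"),  # LiME magic 0x4C694D45 written little-endian
]


def identify_format(header: bytes) -> str:
    """Classify an image by its first bytes (pass at least the first 16)."""
    for magic, name in SIGNATURES:
        if header.startswith(magic):
            return name
    return "raw_or_unknown"


# LiME writes one packed 32-byte header per captured physical range:
# magic, version, start address, end address (inclusive), 8 reserved bytes,
# immediately followed by e_addr - s_addr + 1 bytes of memory.
LIME_HEADER = struct.Struct("<IIQQ8s")
LIME_MAGIC = 0x4C694D45


def parse_lime_segments(image: bytes) -> List[Tuple[int, int, int]]:
    """Return (file offset of data, s_addr, e_addr) for each LiME segment,
    refusing images whose headers are inconsistent or whose data is truncated."""
    segments = []
    pos = 0
    while pos + LIME_HEADER.size <= len(image):
        magic, version, s_addr, e_addr, _ = LIME_HEADER.unpack_from(image, pos)
        if magic != LIME_MAGIC or version != 1 or e_addr < s_addr:
            raise ValueError(f"bad LiME header at offset {pos:#x}")
        data_off = pos + LIME_HEADER.size
        size = e_addr - s_addr + 1
        if data_off + size > len(image):
            raise ValueError(f"segment at offset {pos:#x} is truncated")
        segments.append((data_off, s_addr, e_addr))
        pos = data_off + size
    if pos != len(image):
        raise ValueError("trailing bytes after the last LiME segment")
    return segments


def read_physical(image: bytes, segments: List[Tuple[int, int, int]],
                  paddr: int, length: int) -> Optional[bytes]:
    """Read physical memory through the segment table. Returns None for an
    address in a gap between segments (ranges LiME did not capture)."""
    for data_off, s_addr, e_addr in segments:
        if s_addr <= paddr and paddr + length - 1 <= e_addr:
            start = data_off + (paddr - s_addr)
            return image[start:start + length]
    return None


def acquisition_record(filename: str, image: bytes) -> Dict[str, object]:
    """Hash the image right after acquisition so later analysis can prove it
    worked on an unaltered copy; keep this record with the evidence."""
    return {
        "file": filename,
        "size": len(image),
        "format": identify_format(image[:16]),
        "sha256": hashlib.sha256(image).hexdigest(),
    }


def build_lime_image(ranges: List[Tuple[int, bytes]]) -> bytes:
    """Construct a synthetic LiME image (test data only, not a real capture)."""
    out = b""
    for s_addr, data in ranges:
        out += LIME_HEADER.pack(LIME_MAGIC, 1, s_addr, s_addr + len(data) - 1, b"\0" * 8)
        out += data
    return out


# Constructed sample: two RAM ranges with a hole between them.
SAMPLE_LIME = build_lime_image([(0x1000, b"A" * 4096), (0x100000, b"B" * 512)])

if __name__ == "__main__":
    print(acquisition_record("sample.lime", SAMPLE_LIME))
    segs = parse_lime_segments(SAMPLE_LIME)
    print(segs)
    print(read_physical(SAMPLE_LIME, segs, 0x1010, 4), read_physical(SAMPLE_LIME, segs, 0x5000, 4))
```

The hash in acquisition_record is what you compare against before every analysis session; if it no longer matches, the copy has been altered and nothing derived from it can be relied on. parse_lime_segments refuses truncated or inconsistent images outright rather than returning partial results, because a silently incomplete segment table would make later reads land in the wrong physical range.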

Slide 10: Demonstrations


Slide 12: Thank You