memory forensics Archives - Forensic Focus

Research Roundup: New Tools And Techniques And Ensuring Their Quality

7th July 2021

The month of May saw a robust, diverse set of academic papers published. Tools and techniques are as present as ever — focusing that month on Windows 10 and mobile malware — but so are discussions about how to ensure … Read more

How To Use AXIOM In Malware Investigations: Part I

14th May 202011th November 2019

Hey everyone, Tara Nelson here with Magnet Forensics. Today I’m going to give a little bit of insight into how AXIOM can help with some of your day-to-day investigations.

In part one of the segment we’re going to talk a … Read more

Memory Dump Formats

12th May 20208th February 2018

by Chirath De Alwis

As in other storage devices, volatile memory also has several formats. According to the acquisition method that is in use, the captured file format can be vary. According to (Ligh et al, 2018) the most commonly … Read more

Linux Memory Forensics: Dissecting the User Space Process Heap

12th May 202016th October 2017

by Frank Block and Andreas Dewald

Abstract

The analysis of memory during a forensic investigation is often an important step to reconstruct events. While prior work in this field has mostly concentrated on information residing in the kernel space (process … Read more

RAM Forensic Analysis

12th May 202026th June 2017

by Eliézer Pereira

1 Goal

The purpose of this article is show how to perform a RAM memory forensic analysis, presenting some examples of information that can be retrieved and analyzed to help identify indications of security incidents as well … Read more

Digital Forensic Investigational Tool For Volatile Browser Based Data Analysis in Windows 8 OS

12th May 202022nd December 2016

by W.Chirath De Alwis, School of Computing, Asia Pacific Institute of Information Technology, Colombo, Sri Lanka

Abstract

Cyber security threats on sensitive resources have increased recently and it has increased the need for digital forensic analysis tools. Digital evidence can … Read more

Acquiring Windows PCs

12th May 202026th May 2015

by Oleg Afonin, Danil Nikolaev and Yuri Gubanov

In our previous article, we talked about acquiring tablets running Windows 8 and 8.1. In this publication, we will talk about the acquisition of Windows computers – desktops and laptops. This class … Read more

Capturing RAM Dumps and Imaging eMMC Storage on Windows Tablets

12th May 20201st May 2015

While Windows desktops and laptops are relatively easy to acquire, the same cannot be said about portable Windows devices such as tablets and convertibles (devices with detachable keyboards). Having no … Read more

Windows Logon Password – Get Windows Logon Password using Wdigest in Memory Dump

12th May 202028th April 2014

1. Introduction

The former way to acquire the Windows logon password of user is to get a NTML hash value through the Windows logon session and registry then crack it. [Figure 1] shows the well-known ways to get a NTML … Read more

Retrieving Digital Evidence: Methods, Techniques and Issues

12th May 202011th July 2012

by Yuri Gubanov [email protected]
Belkasoft Ltd. http://belkasoft.com

Abstract

This article describes the various types of digital forensic evidence available on users’ PC and laptop computers, and discusses methods of retrieving such evidence.

Download article in PDF format

Introduction

A recent … Read more