The month of May saw a robust, diverse set of academic papers published. Tools and techniques are as present as ever — focusing that month on Windows 10 and mobile malware — but so are discussions about how to ensure … Read more
memory forensics
How To Use AXIOM In Malware Investigations: Part I
Hey everyone, Tara Nelson here with Magnet Forensics. Today I’m going to give a little bit of insight into how AXIOM can help with some of your day-to-day investigations.
In part one of the segment we’re going to talk a … Read more
Memory Dump Formats
by Chirath De Alwis
As in other storage devices, volatile memory also has several formats. According to the acquisition method that is in use, the captured file format can be vary. According to (Ligh et al, 2018) the most commonly … Read more
Linux Memory Forensics: Dissecting the User Space Process Heap
by Frank Block and Andreas Dewald
Abstract
The analysis of memory during a forensic investigation is often an important step to reconstruct events. While prior work in this field has mostly concentrated on information residing in the kernel space (process … Read more
RAM Forensic Analysis
by Eliézer Pereira
1 Goal
The purpose of this article is show how to perform a RAM memory forensic analysis, presenting some examples of information that can be retrieved and analyzed to help identify indications of security incidents as well … Read more
Digital Forensic Investigational Tool For Volatile Browser Based Data Analysis in Windows 8 OS
by W.Chirath De Alwis, School of Computing, Asia Pacific Institute of Information Technology, Colombo, Sri Lanka
Abstract
Cyber security threats on sensitive resources have increased recently and it has increased the need for digital forensic analysis tools. Digital evidence can … Read more
Acquiring Windows PCs
by Oleg Afonin, Danil Nikolaev and Yuri Gubanov
In our previous article, we talked about acquiring tablets running Windows 8 and 8.1. In this publication, we will talk about the acquisition of Windows computers – desktops and laptops. This class … Read more
Capturing RAM Dumps and Imaging eMMC Storage on Windows Tablets
Oleg Afonin, Danil Nikolaev, Yuri Gubanov
© Belkasoft Research 2015
While Windows desktops and laptops are relatively easy to acquire, the same cannot be said about portable Windows devices such as tablets and convertibles (devices with detachable keyboards). Having no … Read more
Windows Logon Password – Get Windows Logon Password using Wdigest in Memory Dump
1. Introduction
The former way to acquire the Windows logon password of user is to get a NTML hash value through the Windows logon session and registry then crack it. [Figure 1] shows the well-known ways to get a NTML … Read more
Retrieving Digital Evidence: Methods, Techniques and Issues
by Yuri Gubanov [email protected]
Belkasoft Ltd. http://belkasoft.com
Abstract
This article describes the various types of digital forensic evidence available on users’ PC and laptop computers, and discusses methods of retrieving such evidence.
Download article in PDF format
Introduction
A recent … Read more
The Importance of Memory Search and Analysis
First published October 2009
by Access Data
www.accessdata.com
Introduction
… Read more Historically, criminal or corporate investigations involving computer equipment began by immediately disconnecting any compromised machines from the network, powering them down, and securing them in a proper environment where they would
Digital forensics of the physical memory
First published September 2005
Mariusz Burdach
[email protected]
Warsaw, March 2005
last update: July 11, 2005
Abstract
This paper presents methods by which physical memory from a compromised machine can be analyzed. Through this methods, it is possible to extract useful … Read more