The widespread availability and extensive use of the Internet across the world has caught the attention of criminals, and digital crime now occurs on an epidemic scale. The field of digital forensics is constantly evolving, employing new tools and techniques to counter the novel approaches adopted by criminals, to investigate the nature of the criminal activity, and to bring the culprits to justice. Traditionally, static (post-mortem disk) analysis was used to investigate digital incidents. However, with advances in technology, and because attackers are developing malware that leaves no footprint on the hard disk, performing live forensic analysis in addition to static analysis has become imperative. Live forensic analysis techniques have evolved over the last decade to analyze memory contents and obtain a better picture of the running application programs, processes and active binaries. In this study, we look into different techniques of live analysis and critically review them by identifying their benefits and limitations. The key areas focused on in this study pertain to virtualization, pagefile extraction and identifying encryption keys in memory.
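As a concrete illustration of the third area, identifying encryption keys in captured memory, the following Python is an added example and not code from the paper or its authors. It implements the well-known key-schedule search: an AES-128 key in use is normally accompanied in RAM by its 176-byte expanded key schedule, so a scanner can treat every 16-byte window as a candidate key, derive the first round key, and confirm a hit by checking the full schedule against the bytes that follow. The memory "dump" here is a constructed 4 KB buffer of seeded random bytes with one schedule planted at a hypothetical offset (1000); the candidate key is the FIPS-197 Appendix A test key, chosen only because its schedule is publicly documented.

```python
import random

# Build the AES S-box from its definition (multiplicative inverse in
# GF(2^8) modulo x^8+x^4+x^3+x+1, followed by the affine map) so the
# example needs no hard-coded 256-byte table.
def _gf_mul(a, b):
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p

def _build_sbox():
    sbox = [0] * 256
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gf_mul(x, y) == 1), 0) if x else 0
        s = inv
        for _ in range(4):                      # s = b ^ rotl(b,1) ^ ... ^ rotl(b,4)
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            s ^= inv
        sbox[x] = s ^ 0x63
    return sbox

SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]
SCHEDULE_LEN = 176   # 11 round keys x 16 bytes for AES-128

def _next_round_key(prev, rcon):
    """Derive round key i+1 (16 bytes) from round key i as in FIPS-197."""
    w = [list(prev[4 * i:4 * i + 4]) for i in range(4)]
    t = [SBOX[b] for b in w[3][1:] + w[3][:1]]   # RotWord, then SubWord
    t[0] ^= rcon
    out = []
    for i in range(4):
        t = [w[i][j] ^ t[j] for j in range(4)]   # w[i+4] = w[i] ^ w[i+3]'
        out.extend(t)
    return bytes(out)

def expand_key_128(key):
    """Full 176-byte AES-128 key schedule for a 16-byte key."""
    schedule = bytearray(key)
    rk = bytes(key)
    for rcon in RCON:
        rk = _next_round_key(rk, rcon)
        schedule += rk
    return bytes(schedule)

def find_aes128_keys(mem):
    """Return (offset, key) for every complete AES-128 key schedule in mem."""
    hits = []
    for off in range(len(mem) - SCHEDULE_LEN + 1):
        cand = mem[off:off + 16]
        # Cheap filter: does the next 16 bytes equal round key 1 of cand?
        if _next_round_key(cand, RCON[0]) != mem[off + 16:off + 32]:
            continue
        # Confirm against all ten round keys before reporting.
        if expand_key_128(cand) == mem[off:off + SCHEDULE_LEN]:
            hits.append((off, cand))
    return hits

def build_sample_dump(key, offset=1000, size=4096, seed=1):
    """Constructed memory image: seeded random filler with one schedule planted."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[offset:offset + SCHEDULE_LEN] = expand_key_128(key)
    return bytes(buf)

TEST_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 A.1 key

def demo():
    return find_aes128_keys(build_sample_dump(TEST_KEY))

if __name__ == "__main__":
    for off, key in demo():
        print(f"AES-128 key schedule at offset {off:#x}: key {key.hex()}")
```

The first-round filter keeps the scan cheap while the full-schedule check makes accidental matches negligible (a random 160 bytes would have to equal a deterministic expansion). On a real dump the same routine is run over the whole image; the pagefile extraction discussed above matters here because part of the schedule may have been paged out, in which case the scan finds nothing unless pagefile contents are merged back in.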
The field of digital forensic analysis has emerged over the past two decades to counter digital crime, investigate the modus operandi of the culprits, and secure computer systems. With advances in technology and the pervasive nature of computing devices, digital forensic analysis is becoming a challenging task. The easy availability of digital equipment and the popularity of the Internet have enticed criminals to carry out digital crimes. Digital forensics aims to investigate the criminal activity and bring the culprits to justice. Traditionally, static analysis is used to investigate an incident, but because of issues with the accuracy and authenticity of static analysis alone, live forensic analysis of a memory dump gives the investigator a more complete picture of the system state. In this paper, we introduce a module for profiling the behavior of application programs. Application profiling is helpful in forensic analysis because a compromised system can be compared against the stored profile of the clean system; it is also useful to the investigator for malware analysis and for debugging a system. The concept of our model is to trace the unique process names, loaded services and called modules of the target system and store them in a database for future forensic and malware analysis. We used VMware Workstation version 9.0 on the Windows 7 platform so that we can obtain a detailed and clean image of the current state of the system. The profile of a target application includes the process names, modules and services that are specific to that application program.
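The following Python is an added example of the profiling idea described above; it is not the module from the paper, and the table layout, function names and sample data are this example's own. It stores a clean baseline (process names, the modules each process has loaded, and the services present) in an SQLite database and then compares a later snapshot against it, reporting processes, modules and services the profile has never seen. The process and module lists are constructed for the example, including a hypothetical "evil.dll" injected into notepad.exe, and do not come from a real Windows 7 image.

```python
import sqlite3

SCHEMA = """
CREATE TABLE IF NOT EXISTS process_modules (
    app TEXT NOT NULL, process TEXT NOT NULL, module TEXT NOT NULL,
    PRIMARY KEY (app, process, module));
CREATE TABLE IF NOT EXISTS app_services (
    app TEXT NOT NULL, service TEXT NOT NULL,
    PRIMARY KEY (app, service));
"""

def open_profile_db(path=":memory:"):
    """Open (or create) the profile database; in-memory by default for the demo."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn

def store_profile(conn, app, processes, services):
    """Record the clean baseline: {process: [module, ...]} plus service names.
    Names are lower-cased so that KERNEL32.DLL and kernel32.dll compare equal."""
    rows = [(app, p.lower(), m.lower())
            for p, mods in processes.items() for m in mods]
    conn.executemany("INSERT OR IGNORE INTO process_modules VALUES (?, ?, ?)", rows)
    conn.executemany("INSERT OR IGNORE INTO app_services VALUES (?, ?)",
                     [(app, s.lower()) for s in services])
    conn.commit()

def compare_snapshot(conn, app, processes, services):
    """Diff a later snapshot of the same application against its stored profile."""
    known = {}
    for proc, mod in conn.execute(
            "SELECT process, module FROM process_modules WHERE app = ?", (app,)):
        known.setdefault(proc, set()).add(mod)
    known_svcs = {s for (s,) in conn.execute(
        "SELECT service FROM app_services WHERE app = ?", (app,))}

    findings = {"new_processes": [], "new_modules": [], "new_services": []}
    for proc, mods in processes.items():
        p = proc.lower()
        if p not in known:                      # process never seen for this app
            findings["new_processes"].append(p)
            continue
        for m in mods:                          # module not in the clean load set
            if m.lower() not in known[p]:
                findings["new_modules"].append((p, m.lower()))
    findings["new_services"] = sorted({s.lower() for s in services} - known_svcs)
    return findings

# Constructed sample data for the demo (not taken from a real system).
BASELINE = {"notepad.exe": ["ntdll.dll", "kernel32.dll", "user32.dll", "comdlg32.dll"]}
BASELINE_SERVICES = ["Spooler", "Dhcp"]
SUSPECT = {"notepad.exe": ["ntdll.dll", "KERNEL32.DLL", "user32.dll",
                           "comdlg32.dll", "evil.dll"],      # hypothetical injected DLL
           "cmd.exe": ["ntdll.dll", "kernel32.dll"]}         # child process not in profile
SUSPECT_SERVICES = ["spooler", "Dhcp", "SvcHostX"]           # hypothetical new service

def demo():
    conn = open_profile_db()
    store_profile(conn, "notepad", BASELINE, BASELINE_SERVICES)
    return compare_snapshot(conn, "notepad", SUSPECT, SUSPECT_SERVICES)

if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, items)
```

On the Windows 7 guest the two snapshots would be gathered with `tasklist /m` (modules per process) and `sc query` (services), or, to avoid touching the live guest, taken from the VMware memory image with the Volatility `dlllist` and `svcscan` plugins; either way the profile captured from the clean VM snapshot is what the later, possibly compromised, state is diffed against.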