Identifying Volatile Data from Multiple Memory Dumps in Live Forensics

Law, Frank Y. W.; Chan, Patrick; Yiu, Siu-Ming; Tang, Benjamin; Lai, Pierre K. Y.; Chow, Kam-Pui; Ieong, Ricci S. C.; Kwan, Mei Po; Hon, Wing-Kai; Hui, Lucas Chi Kwong

doi:10.1007/978-3-642-15506-2_13

Cited by 4 publications

(1 citation statement)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recent work attempts to leverage multiple memory dumps using a tool called "CMAT". CMAT parses a memory dump to find active, inactive and hidden processes as well as system registry information [20] Complementing the existing semantic approaches, our work focuses on the process of acquiring the system state and thus, it is an enabling technology that enhances the value of existing memory analysis mechanisms.…”

Section: Related Workmentioning

confidence: 99%

Firmware-assisted Memory Acquisition and Analysis tools for Digital Forensics

Wang

Zhang

Sun

et al. 2011

2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering

View full text Add to dashboard Cite

Abstract-Being able to inspect and analyze the operational state of commodity machines is crucial for modern digital forensics. Indeed, volatile system state including memory data and CPU registers contain information that cannot be directly inferred or reconstructed by acquiring the contents of the nonvolatile storage. Unfortunately, it still remains an open problem how to reliably and consistently retrieve the volatile machine state without disrupting its operation. In this paper, we propose to leverage commercial PCI network cards and the current x86 implementation of System Management Mode to reliably replicate the physical memory and critical CPU registers from commodity hardware. Furthermore, we demonstrate how remote state replication can be used for semantic reconstruction, where the analysis of memory structures enables us to interactively perform forensic analysis of the machine's memory content.

show abstract

Section: Related Workmentioning

confidence: 99%

Firmware-assisted Memory Acquisition and Analysis tools for Digital Forensics

Wang

Zhang

Sun

et al. 2011

2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering

View full text Add to dashboard Cite

show abstract

On the Scientific Maturity of Digital Forensics Research

Olivier

Grüner

2013

Advances in Digital Forensics IX

View full text Add to dashboard Cite

This paper applies a scientific maturity grade schema from the software engineering domain to research in the field of digital forensics. On the basis of this maturity schema and its grades, the paper classifies the current maturity of digital forensics research. The findings show that much more research conducted at higher levels of "scientificness" is necessary before the new field of digital forensics can be considered to be scientifically mature.

show abstract