Memory Forensics: Review of Acquisition and Analysis Techniques

Abstract

This document presents an overview of the most common memory forensics techniques used in the acquisition and analysis of a system's volatile memory. Memory forensics rose from obscurity in 2005 in response to a challenge issued by the Digital Forensics Research Workshop (DFRWS). Since then, investigators and researchers alike have begun to recognise the important role that memory forensics can play in a robust investigation. Volatile memory, or Random Access Memory (RAM), contains a wealth of information regarding the current state of a device. Memory forensics techniques examine RAM to extract information such as passwords, encryption keys, network activity, open files and the set of processes and threads currently running within an operating system. This information can help investigators reconstruct the events surrounding criminal use of technology or computer security incidents.


Document Details

Document Type
Technical Report
Publication Date
Nov 01, 2013
Accession Number
ADA594490

Entities

People

  • Grant Osbourne

Organizations

  • Defence Science and Technology Group

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Acquisition
  • Central Processing Units
  • Computational Forensics
  • Computer Program Documentation
  • Computer Program Reliability
  • Computer Programming
  • Computer Programs
  • Computers
  • Cybersecurity
  • Debugging
  • First Responders
  • Forensic Analysis
  • Malware
  • Network Protocols
  • Operating Systems
  • Reliability
  • Web Browsers

Readers

  • Cybersecurity
  • Integrated Circuit Design and Technology
  • Systems Analysis and Design

Technology Areas

  • Cyber