A survey of main memory acquisition and analysis techniques for the Windows operating system
Authors: Stefan Vömel, Felix C. Freiling
Institution: Department of Computer Science, Friedrich-Alexander University of Erlangen-Nuremberg, Am Wolfsmantel 46, 91058 Erlangen-Tennenlohe, Germany
Abstract: Traditional, persistent data-oriented approaches in computer forensics face some limitations regarding a number of technological developments, e.g., rapidly increasing storage capabilities of hard drives, memory-resident malicious software applications, or the growing use of encryption routines, that make an in-time investigation more and more difficult. In order to cope with these issues, security professionals have started to examine alternative data sources and emphasize the value of volatile system information in RAM more recently. In this paper, we give an overview of the prevailing techniques and methods to collect and analyze a computer's memory. We describe the characteristics, benefits, and drawbacks of the individual solutions and outline opportunities for future research in this evolving field of IT security.
Keywords: Memory forensics, Memory acquisition, Memory analysis, Live forensics, Microsoft Windows
This article is indexed in ScienceDirect and other databases.