An evaluation platform for forensic memory acquisition software |
| |
| Affiliation: | Department of Computer Science, Friedrich-Alexander University of Erlangen-Nuremberg, Martensstraße 3, 91058 Erlangen, Germany |
| |
| Abstract: | Memory forensics has gradually moved into the focus of researchers and practitioners alike in recent years. With an increasing effort to extract valuable information from a snapshot of a computer's RAM, the necessity to properly assess the respective solutions rises as well. In this paper, we present an evaluation platform for forensic memory acquisition software. The platform is capable of measuring distinct factors that determine the quality of a generated memory image, specifically its correctness, atomicity, and integrity. Tests are performed for three popular open source applications, win32dd, WinPMEM, and mdd, as well as for different memory sizes. |
| |
| Keywords: | Memory forensics Memory acquisition Live forensics Evaluation Metrics Correctness Atomicity Integrity of a memory snapshot Forensic soundness |
| 本文献已被 ScienceDirect 等数据库收录! |
|
