Forensic Investigation Tool for Volatility Framework


Authors : Dilushinie Narmada Fernando; Dr. Lakmal Rupasinghe

Volume/Issue : Volume 7 - 2022, Issue 3 - March

Google Scholar : http://bitly.ws/gu88

Scribd : https://bit.ly/36JnaH0

DOI : https://doi.org/10.5281/zenodo.6385761

Abstract : Many research findings show that volatile memory has become an important place for attackers and malicious users to keep data they want to hide from others and shield from reverse engineering. There is ample evidence for this, since most incident response teams rarely examine volatile memory and lack the knowledge and tooling needed to extract information from it. Furthermore, recent malicious code can reside entirely in memory without ever touching the physical disk. Security analysts must therefore treat volatile memory as an important component of an investigation, rather than following the traditional assumption that malicious users will only touch hard disk storage. The Volatility Framework is a free, open-source set of tools for analyzing computer memory. It exposes many analysis options for different aspects of a memory image through a command-line interface, which makes it hard for forensic analysts to memorize and use its tools and plugins. This research offers a GUI and extensions for the Volatility Framework that simplify its use and save time, since investigators no longer need to memorize long command sequences.

Keywords : Volatility Framework; Forensic Investigation.
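The core of a front end like the one the abstract describes is a layer that turns an analyst's menu choice into a Volatility invocation and parses the result. The following is an added example, not the paper's tool or any code from the Volatility project; it assumes the Volatility 3 command-line conventions (`-f` for the image, `-r json` for the JSON renderer, `--pid` on the process-aware plugins) and uses constructed sample output in place of a real memory image. The task labels and the helper names are this example's own. The practitioner point it makes is that a GUI wrapping a CLI should build an argv list and never hand a string to a shell, so that an evidence path containing shell metacharacters stays a single argument.

```python
"""Minimal command-builder for a Volatility 3 front end (added example, not the paper's tool)."""
import json
import shlex
import subprocess

# Human-readable task -> Volatility 3 plugin. The plugin names are real Volatility 3
# plugins; the task labels on the left are this example's own choice.
TASKS = {
    "processes": "windows.pslist.PsList",
    "process tree": "windows.pstree.PsTree",
    "network": "windows.netscan.NetScan",
    "injected code": "windows.malfind.Malfind",
    "command lines": "windows.cmdline.CmdLine",
    "loaded dlls": "windows.dlllist.DllList",
}

# Plugins that accept --pid; passing it to the others (e.g. netscan) makes vol exit with an error.
PID_AWARE = {"processes", "process tree", "injected code", "command lines", "loaded dlls"}


def build_command(task, image, vol="vol", pid=None):
    """Return the argv list for one analyst action.

    The result is a list to be passed to subprocess.run without shell=True, so an
    image path such as "mem.raw; rm -rf ~" is one argument, not a shell command.
    """
    if task not in TASKS:
        raise ValueError(f"unknown task {task!r}; choose from {sorted(TASKS)}")
    argv = [vol, "-f", str(image), "-r", "json", TASKS[task]]
    if pid is not None:
        if task not in PID_AWARE:
            raise ValueError(f"task {task!r} does not filter by pid")
        argv += ["--pid", str(int(pid))]  # int() rejects anything that is not a number
    return argv


def display(argv):
    """Shell-quoted form of the command, for showing the analyst exactly what will run."""
    return shlex.join(argv)


def parse_rows(json_text):
    """Flatten JSON renderer output into a list of row dicts.

    Tree plugins (pstree) nest child rows under '__children'; we walk them depth-first
    so the flattened order matches the tree order.
    """
    rows = []

    def walk(items):
        for item in items:
            children = item.pop("__children", [])
            rows.append(item)
            walk(children)

    walk(json.loads(json_text))
    return rows


def run_plugin(argv, timeout=600):
    """Run a built command (argv list, no shell) and parse its JSON output."""
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout, check=True)
    return parse_rows(proc.stdout)


# Constructed sample in the shape of a nested JSON renderer result; not real pstree output.
SAMPLE_PSTREE_JSON = json.dumps([
    {"PID": 4, "PPID": 0, "ImageFileName": "System", "__children": [
        {"PID": 368, "PPID": 4, "ImageFileName": "smss.exe", "__children": []},
    ]},
    {"PID": 4244, "PPID": 4100, "ImageFileName": "notepad.exe", "__children": []},
])


if __name__ == "__main__":
    cmd = build_command("loaded dlls", "/cases/001/mem.raw", pid=4244)
    print(display(cmd))
    for row in parse_rows(SAMPLE_PSTREE_JSON):
        print(row["PID"], row["PPID"], row["ImageFileName"])
```

Calling `run_plugin(build_command("processes", image))` from a button handler is the whole integration; `display()` gives the analyst the exact command line, which keeps the GUI from hiding what it runs on the evidence.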

