Authors :
Dilushinie Narmada Fernando; Dr. Lakmal Rupasinghe
Volume/Issue :
Volume 7 - 2022, Issue 3 - March
Google Scholar :
http://bitly.ws/gu88
Scribd :
https://bit.ly/36JnaH0
DOI :
https://doi.org/10.5281/zenodo.6385761
Abstract :
Several research findings show that volatile memory has become a
vital space for attackers and malicious users to store data that must
stay hidden from others and resist reverse engineering. There is
plenty of evidence to back this up, since most incident response teams
seldom examine volatile memory and lack the knowledge and equipment
needed to extract information from it. Furthermore, recently developed
malicious code can reside entirely in memory without ever touching the
physical disk. Security analysts must therefore prioritise and
investigate volatile memory as an important component, rather than
following the traditional assumption that malicious users will only
target hard disk storage. The Volatility Framework is a free and
open-source set of tools for analysing computer memory. It exposes its
many analysis options through a command-line interface, which makes it
difficult for forensic analysts to memorise and use the tools and
plugins. This research offers a GUI and extensions for the Volatility
Framework that simplify its usage and save time, as investigators no
longer need to memorise long command sequences.
Keywords :
Volatility Framework; Forensic Investigation.
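As an added example (not the paper's GUI and not part of the Volatility project), the following Python front end shows the core of what such a wrapper has to do: map investigator-friendly task names to Volatility 3 plugin invocations, display the exact commands it would run, and post-process the JSON output. The plugin names and the `-f`, `-r` and `--pid` options are those of Volatility 3; the task labels, function names, the constructed `windows.pslist` rows and the assumption that the `vol.py` entry point is on the PATH are assumptions made here.

```python
"""Minimal Volatility 3 front end: task names instead of memorised commands.
Added example, not the paper's GUI and not Volatility project code."""
import json
import shlex
import subprocess
from typing import Dict, List, Optional, Tuple

# Investigator-friendly task name -> Volatility 3 plugin.  The plugin names
# are the standard Windows plugins; the task labels are this example's own.
TASKS: Dict[str, str] = {
    "processes": "windows.pslist",
    "process-tree": "windows.pstree",
    "command-lines": "windows.cmdline",
    "loaded-dlls": "windows.dlllist",
    "injected-code": "windows.malfind",
    "network": "windows.netscan",
}
# Tasks whose plugin accepts a --pid filter (netscan does not).
PID_FILTERABLE = {"processes", "process-tree", "command-lines",
                  "loaded-dlls", "injected-code"}
RENDERERS = ("quick", "pretty", "json", "jsonl", "csv")


def build_command(image: str, task: str, pid: Optional[int] = None,
                  renderer: str = "json", vol: str = "vol.py") -> List[str]:
    """Return argv for one task.  Every user choice is checked against an
    allowlist and passed as a list, never interpolated into a shell string,
    so a GUI text field cannot be abused to run arbitrary options."""
    if task not in TASKS:
        raise ValueError(f"unknown task {task!r}; choose from {sorted(TASKS)}")
    if renderer not in RENDERERS:
        raise ValueError(f"unknown renderer {renderer!r}")
    argv = [vol, "-f", image, "-r", renderer, TASKS[task]]
    if pid is not None:
        if task not in PID_FILTERABLE:
            raise ValueError(f"task {task!r} does not take a PID filter")
        argv += ["--pid", str(int(pid))]
    return argv


def render_script(image: str, tasks: List[str]) -> str:
    """Show the investigator the exact commands the GUI would run, one per
    line, quoted so the script is safe to paste even when the image path
    contains spaces."""
    return "\n".join(shlex.join(build_command(image, t)) for t in tasks)


def run_task(image: str, task: str, pid: Optional[int] = None) -> List[dict]:
    """Run one plugin with the JSON renderer and return its rows as dicts.
    Needs a real image and vol.py on PATH; not exercised by the test."""
    argv = build_command(image, task, pid=pid, renderer="json")
    proc = subprocess.run(argv, capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)


def orphan_processes(rows: List[dict]) -> List[Tuple[int, str]]:
    """Post-processing step: from windows.pslist rows, list processes whose
    parent PID is absent from the listing (parent exited or hidden).  Some
    orphans are normal on Windows (csrss/wininit outlive their smss
    instance), so this is a triage hint, not a verdict."""
    pids = {r["PID"] for r in rows}
    return sorted((r["PID"], r["ImageFileName"]) for r in rows
                  if r["PPID"] != 0 and r["PPID"] not in pids)


# Constructed rows in the shape of windows.pslist JSON output (only the
# fields used here); not taken from a real image.
SAMPLE_PSLIST = [
    {"PID": 4, "PPID": 0, "ImageFileName": "System"},
    {"PID": 400, "PPID": 4, "ImageFileName": "smss.exe"},
    {"PID": 600, "PPID": 580, "ImageFileName": "csrss.exe"},
    {"PID": 1234, "PPID": 9999, "ImageFileName": "svchost.exe"},
]

if __name__ == "__main__":
    print(render_script("/case 1/mem.raw", ["processes", "network"]))
    for pid, name in orphan_processes(SAMPLE_PSLIST):
        print(f"orphan: {name} (pid {pid})")
```

The allowlist in `build_command` is the part a GUI author should not skip: a front end that concatenates user-typed text into a shell command turns a forensic tool into a command-injection surface on the analyst's workstation, whereas a fixed task table plus an argv list keeps the investigator's choices to plugin names and a numeric PID.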