archives

memory forensics

This tag is associated with 8 posts

RAM Forensic Analysis

by Eliézer Pereira 1 Goal The purpose of this article is show how to perform a RAM memory forensic analysis, presenting some examples of information that can be retrieved and analyzed to help identify indications of security incidents as well as fraud and other illegal practices through information systems. 2 Good Practices and Techniques for Computer … Continue reading

Digital Forensic Investigational Tool For Volatile Browser Based Data Analysis in Windows 8 OS

by W.Chirath De Alwis, School of Computing, Asia Pacific Institute of Information Technology, Colombo, Sri Lanka Abstract Cyber security threats on sensitive resources have increased recently and it has increased the need for digital forensic analysis tools. Digital evidence can be extracted not only from hard drives but also from other memory resources of a computing device. … Continue reading

Acquiring Windows PCs

by Oleg Afonin, Danil Nikolaev and Yuri Gubanov In our previous article, we talked about acquiring tablets running Windows 8 and 8.1. In this publication, we will talk about the acquisition of Windows computers – desktops and laptops. This class of devices has their own share of surprises when it comes to acquisition. The obvious … Continue reading

Capturing RAM Dumps and Imaging eMMC Storage on Windows Tablets

Oleg Afonin, Danil Nikolaev, Yuri Gubanov © Belkasoft Research 2015 While Windows desktops and laptops are relatively easy to acquire, the same cannot be said about portable Windows devices such as tablets and convertibles (devices with detachable keyboards). Having no FireWire ports and supplied with a limited set of external ports, these devices make attaching … Continue reading

Windows Logon Password – Get Windows Logon Password using Wdigest in Memory Dump

1. Introduction The former way to acquire the Windows logon password of user is to get a NTML hash value through the Windows logon session and registry then crack it. [Figure 1] shows the well-known ways to get a NTML hash value of user’s windows logon password. For more information, take a look at “Dump … Continue reading

Retrieving Digital Evidence: Methods, Techniques and Issues

by Yuri Gubanov yug@belkasoft.com Belkasoft Ltd. http://belkasoft.com Abstract This article describes the various types of digital forensic evidence available on users’ PC and laptop computers, and discusses methods of retrieving such evidence. Download article in PDF format Introduction A recent research conducted by Berkeley scientists concluded that up to 93% of all information never leaves the digital domain. This … Continue reading

The Importance of Memory Search and Analysis

First published October 2009 by Access Data http://www.accessdata.com Introduction Historically, criminal or corporate investigations involving computer equipment began by immediately disconnecting any compromised machines from the network, powering them down, and securing them in a proper environment where they would be imaged and analyzed. The rationale for this approach as the first step in the … Continue reading

Digital forensics of the physical memory

First published September 2005 Mariusz Burdach Mariusz.Burdach@seccure.net Warsaw, March 2005 last update: July 11, 2005 Abstract This paper presents methods by which physical memory from a compromised machine can be analyzed. Through this methods, it is possible to extract useful information from memory such as: a full content of files, detailed information about each process … Continue reading

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 986 other followers