A Novel Memory Forensics Technique for Windows 10
Published: 2016
Author(s) Name: Azad Singh, Pankaj Sharma, Sakshi Sharma
Author(s) Affiliation: Department of Computer Science and Applications, Kurukshetra University, Kurukshetra, Haryana, India
Abstract
Volatile memory forensics, henceforth referred to as memory forensics, is a subset of digital forensics which deals with the preservation of the contents of memory of a computing device and the subsequent examination of that memory. The memory of a system typically contains useful runtime information. Such memory is volatile, so its contents rapidly decay once it is no longer supplied with power. Using memory forensic techniques, it is possible to extract an image of the system's memory while it is still running, creating a copy that can be examined at a later point in time, even after the system has been turned off and the data contained within the original RAM has dissipated. This paper describes the implementation of a technique that collects volatile artifacts extracted from the RAM dump and hibernation file of the Windows 10 operating system and shows the data extracted for various processes of the system.
Keywords: Windows Forensics, Memory Forensics, Volatile Data, Volatile Digital Evidence