Journal of Network and Information Security

1. Azad Singh – Department Of Computer Science And Applications, Kurukshetra University, Kurukshetra, Haryana, India

2. Pankaj Sharma – Department Of Computer Science And Applications, Kurukshetra University, Kurukshetra, Haryana, India

3. Sakshi Sharma – Department Of Computer Science And Applications, Kurukshetra University, Kurukshetra, Haryana, India

Received: 23-Mar-2017
Accepted: -
Published: 23-Mar-2017

Abstract
Volatile memory forensics, henceforth referred to as memory forensics, is a subset of digital forensics that deals with preserving the contents of a computing device's memory and subsequently examining that memory. The memory of a system typically contains useful runtime information. Such memory is volatile, so its contents rapidly decay once it is no longer supplied with power. Using memory forensic techniques, it is possible to extract an image of the system's memory while it is still running, creating a copy that can be examined at a later point in time, even after the system has been turned off and the data contained within the original RAM has dissipated. This paper describes the implementation of a technique that collects volatile artifacts extracted from the RAM dump and hibernation file of the Windows 10 operating system, and shows the extracted data of various processes of the system.