Methods and Tools for Investigating Attacks - Memory Forensics


Research field: Strategies



Conference: ICBDT '22: Proceedings of the 5th International Conference on Big Data Technologies


Abstract

The memory-resident nature of network attacks and the concealment of network crime mean that some key digital evidence exists only in physical memory or is stored temporarily in the page exchange file, which traditional file-system-based computer forensics cannot handle effectively. Memory forensics, an important supplement to traditional file-system forensics, is an important part of computer forensic science: by comprehensively acquiring memory data and analyzing it in detail, it extracts digital evidence related to attacks or network crime. In recent years it has received sustained attention from the security community, has developed rapidly and been widely applied, and plays an irreplaceable role in network emergency response and network crime investigation. We motivate this research from the perspective of the key points and core elements involved in memory forensics analysis. This paper presents a comprehensive theoretical exposition and framework analysis of memory forensics, combined with the practice of specific tools.


Author Profile
Lixun Peng
Department of Computing, Xi'an Jiaotong-Liverpool University, China

Author Profile
Gabriela Mogos
Department of Computing, Xi'an Jiaotong-Liverpool University, China

Paper information

Publication year: 2022
Citations: 0
Country of publication: China
Site: ACM