Research field: Analysis
Venue: International Journal of Information Technology
Memory forensics helps the forensic investigator to detect any unusual activity. In this paper, we have discussed memory forensics and how to dump the content of primary memory RAM (Random Access Memory) using the FTK (Forensic Tool Kit) Imager tool. This memory dump helps to detect unusual activity in the systems, and we have also demonstrated the detection of hacker activities (find the traces of ping commands initiated by a hacker, get the traces of credentials used by the hacker) in the memory dump. Our proposed memory forensics methodology is based on the Identification, Prevention, Analysis, Documentation, and Presentation methodology. Our proposed technique will help law enforcement agencies, government organisations, and cyber forensic investigators to solve high-level cybercrimes.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra, India, Albania |
| Site | Springer |