A universal taxonomy and survey of forensic memory acquisition techniques. (March 2019)
- Record Type:
- Journal Article
- Title:
- A universal taxonomy and survey of forensic memory acquisition techniques. (March 2019)
- Main Title:
- A universal taxonomy and survey of forensic memory acquisition techniques
- Authors:
- Latzo, Tobias
Palutke, Ralph
Freiling, Felix
- Abstract:
- Main memory analysis plays an increasingly important role in today's digital forensic analysis. It can be used to retrieve encryption keys or to analyze malware that solely resides in RAM. Typically, the memory is acquired prior to analysis. As of today, there exist a large number of different techniques and tools to accomplish this task that all have their own advantages and disadvantages and appear to be incomparable. In this paper, we define a taxonomy of acquisition methods based on a well-defined partial order that generalizes the concept of ring-based privilege separation. Using this taxonomy, we provide a comprehensive survey of state-of-the-art memory acquisition techniques that is agnostic towards the used operating system and the hardware architecture.
- Is Part Of:
- Digital investigation. Volume 28(2019)
- Journal:
- Digital investigation
- Issue:
- Volume 28(2019)
- Issue Display:
- Volume 28, Issue 2019 (2019)
- Year:
- 2019
- Volume:
- 28
- Issue:
- 2019
- Issue Sort Value:
- 2019-0028-2019-0000
- Page Start:
- 56
- Page End:
- 69
- Publication Date:
- 2019-03
- Subjects:
- Memory acquisition -- Memory forensics -- Memory dump -- Live forensics -- Memory analysis
Forensic sciences -- Data processing -- Periodicals
Criminal investigation -- Data processing -- Periodicals
363.250285
- Journal URLs:
- http://www.sciencedirect.com/science/journal/17422876
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.diin.2019.01.001
- Languages:
- English
- ISSNs:
- 1742-2876
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3588.396620
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 10009.xml