Memory forensic: Acquisition and analysis mechanism for operating systems

Abstract

Memory forensics is also known as memory analysis, which deals with the estimation of the changeable data in a system memory repository. In order to investigate and detect the attacks, the professionals perform the memory forensics to interpret the nature of the malware i.e. do not easily traceable on hard drive data. Due to the daily advancement in technological landscape the memory forensic mechanism is emerging trends because the nature of the attacks changing drastically. The general developed defense mechanisms such as anti-malware are not enough capable to deal with the computer threats. Therefore, the latest defense mechanism is directly embedded into the physical memory like RAM and opens the valuable scope of the memory forensic. From last a few decades, the technology and cybercrimes parallelly growing drastically. There are multiple reasons to perform the cyber attacks such as theft and harm the sensitive military data, targeting to ruin the energy system, identity theft of trade secrets, and cyber defamation. Memory-based forensic techniques are becoming very instrumental in digital investigations. This objective of this paper is to help and make it easy to understand the investigator in the process of the developing tools and techniques by considering different aspects of memory analysis and investigation.