Abstract

ABSTRACT As part of the incident response process, the memory forensics tools extract forensic artifacts and display them. Many memory forensics analysis tools are being developed to address the challenges of modern cybercrimes. Investigations are successful when they have an accurate analysis provided by a memory forensics tool that consumes resources reasonably. This paper presents a comparative analysis of three dominant memory forensics tools: Volatility, Autopsy, and Redline. We consider three malware behaviour scenarios and evaluate the forensics capabilities of these tools in each. We also experimentally measure the CPU and memory consumption of each for memory analysis in other operational states. We find that Volatility provides the most accurate memory analysis. Our measurements show that Redline consumes more CPU resources, and Autopsy needs more memory resources to analyze a memory image file. The results of our investigation will hopefully lead to tool improvement and more informed choices by users.

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Memory Analysis of macOS Page Queues
Andrew Case ... Golden G Richard
Forensic Science International: Digital Investigation | VOL. 33
Andrew Case, et. al.Andrew Case ... Golden G Richard
01 Jul 2020
MEMORY FORENSIC: ACQUISITION AND ANALYSIS OF MEMORY AND ITS TOOLS COMPARISON
Mital Parekh ... Snehal Jani
International Journal of Engineering Technologies and Management Research | VOL. 5
Mital Parekh, et. al.Mital Parekh ... Snehal Jani
27 Apr 2020
AutoProfile: Towards Automated Profile Generation for Memory Analysis
Fabio Pagani ... Davide Balzarotti
ACM Transactions on Privacy and Security | VOL. 25
Fabio Pagani, et. al.Fabio Pagani ... Davide Balzarotti
23 Nov 2021
Parent process termination: an adversarial technique for persistent malware
Mahdi Daghmehchi Firoozjaei ... Ali A. Ghorbani
Journal of Cyber Security Technology | VOL. 8
Mahdi Daghmehchi Firoozjaei, et. al.Mahdi Daghmehchi Firoozjaei ... Ali A. Ghorbani
19 Aug 2023
View more papers

More From: Journal of Cyber Security Technology

Paper Title
Journal
Date
Author
Data reorganization for image encryption: presentation in the data of hare
Hana Ali-Pacha ... Adnan Gutub
Journal of Cyber Security Technology | VOL. ahead-of-print
Hana Ali-Pacha, et. al.Hana Ali-Pacha ... Adnan Gutub
03 Oct 2024
An investigation on cyber espionage ecosystem
Mohiuddin Ahmed ... Matthew Gaber
Journal of Cyber Security Technology | VOL. ahead-of-print
Mohiuddin Ahmed, et. al.Mohiuddin Ahmed ... Matthew Gaber
22 Sep 2024
Monitoring cybersecurity technology through the years: a technology mining approach through bibliometrics and patent analysis
Tugrul Daim ... Alain Mermoud
Journal of Cyber Security Technology | VOL. ahead-of-print
Tugrul Daim, et. al.Tugrul Daim ... Alain Mermoud
20 Sep 2024
An enhanced conventional neural network schema for structural class-based software fault prediction
Faisal Nabi ... Raj Gururajan
Journal of Cyber Security Technology | VOL. ahead-of-print
Faisal Nabi, et. al.Faisal Nabi ... Raj Gururajan
13 Sep 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.