Abstract

ABSTRACT As part of the incident response process, the memory forensics tools extract forensic artifacts and display them. Many memory forensics analysis tools are being developed to address the challenges of modern cybercrimes. Investigations are successful when they have an accurate analysis provided by a memory forensics tool that consumes resources reasonably. This paper presents a comparative analysis of three dominant memory forensics tools: Volatility, Autopsy, and Redline. We consider three malware behaviour scenarios and evaluate the forensics capabilities of these tools in each. We also experimentally measure the CPU and memory consumption of each for memory analysis in other operational states. We find that Volatility provides the most accurate memory analysis. Our measurements show that Redline consumes more CPU resources, and Autopsy needs more memory resources to analyze a memory image file. The results of our investigation will hopefully lead to tool improvement and more informed choices by users.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Memory Analysis of macOS Page Queues
Ryan D Maggio ... Modhuparna Manna
Forensic Science International: Digital Investigation | VOL. 33
Ryan D Maggio, et. al.Ryan D Maggio ... Modhuparna Manna
01 Jul 2020
MEMORY FORENSIC: ACQUISITION AND ANALYSIS OF MEMORY AND ITS TOOLS COMPARISON
Snehal Jani ... Mital Parekh
International Journal of Engineering Technologies and Management Research | VOL. 5
Snehal Jani, et. al.Snehal Jani ... Mital Parekh
27 Apr 2020
AutoProfile: Towards Automated Profile Generation for Memory Analysis
Fabio Pagani ... Davide Balzarotti
ACM Transactions on Privacy and Security | VOL. 25
Fabio Pagani, et. al.Fabio Pagani ... Davide Balzarotti
23 Nov 2021
Parent process termination: an adversarial technique for persistent malware
Mahdi Daghmehchi Firoozjaei ... Ali A Ghorbani
Journal of Cyber Security Technology | VOL. 8
Mahdi Daghmehchi Firoozjaei, et. al.Mahdi Daghmehchi Firoozjaei ... Ali A Ghorbani
19 Aug 2023
View more papers

More From: Journal of Cyber Security Technology

Paper Title
Journal
Date
Author
A graph-based method for identity resolution to assist police force investigative process
Mohammad Hossein Amirhosseini ... Michael Phillips
Journal of Cyber Security Technology | VOL. ahead-of-print
Mohammad Hossein Amirhosseini, et. al.Mohammad Hossein Amirhosseini ... Michael Phillips
25 May 2024
Secure authentication of identity information for quantum resistant IoT devices based on R-LWE and QIBE
Kun Wang
Journal of Cyber Security Technology | VOL. ahead-of-print
Kun WangKun Wang
18 May 2024
How does cybersecurity awareness help in achieving digital financial inclusion in rural India under escalating cyber fraud scenario?
Mohammed Afzal ... Mohd Shamim Ansari
Journal of Cyber Security Technology | VOL. ahead-of-print
Mohammed Afzal, et. al.Mohammed Afzal ... Mohd Shamim Ansari
15 May 2024
Analysis of linear feedback shift registers and chaos-based techniques for image encryption
Daniel Okunbor
Journal of Cyber Security Technology | VOL. ahead-of-print
Daniel OkunborDaniel Okunbor
13 Apr 2024
View more papers