Abstract
The memory forensics techniques assist digital investigators to identify and detect remaining evidence of the attacks on the compromised system. The accuracy of performing the analysis is depend to the completeness, atomicity, and reliability of the memory acquisition output. Regarding to our research, the most current critical challenges in memory forensics are increasing the size of physical memory, the elapsed time of memory acquisition, malicious tampering and page smearing effects, and anti-forensics techniques. By addressing these challenges, we proposed an approach to determine approximately how much sequential memory acquisition at a designated time-intervals can mitigate them. This mitigation includes reducing I/O operations in memory acquisition to speed it up, diminishing malicious tampering and page smearing effects, and impact of anti-forensics techniques. The results of our experiments on different Linux operating system families show the best interval time for sequential memory acquisition is 3 minutes with the similarity ration between 9% to 23%. The proposed approach is applicable to software-based and hardware-based memory acquisition methods.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
