Memory forensics plays a pivotal role in digital investigations, providing crucial insights into the activities and artifacts of an operating system. This paper explores the application of deep learning techniques in the domain of memory forensics within the Linux environment. Linux-based systems are widely used in various contexts, including servers, embedded devices, and desktops, making memory analysis in this ecosystem of paramount importance. Traditional memory forensics techniques have relied on manual analysis, which is often time-consuming and error-prone. Deep learning, a subfield of machine learning, has demonstrated remarkable capabilities in pattern recognition and feature extraction tasks. In response, this paper presents a novel framework that automates and improves memory analysis through deep learning. Key components of this framework include data collection, preprocessing, feature extraction, and model selection. We introduce a unique dataset specifically curated for Linux memory forensics, facilitating the development and evaluation of deep learning models. Our experimental results demonstrate the efficacy of using a ResNet-50 model for detecting and classifying malware from memory dumps, achieving a detection rate of 98.75% and an accuracy rate of 89% in classifying malware types. Additionally, we acknowledge the challenges and limitations of applying deep learning in memory forensics, such as model interpretability and data privacy concerns. Future research directions are discussed, including real-time memory analysis integration and techniques for handling encrypted and compressed memory data.