{"title":"Research on Electronic Data Forensics Based on RAM","authors":"Cong Wang, Yuancheng Zhao, Jianhu Dong","doi":"10.1109/ISCEIC53685.2021.00036","DOIUrl":null,"url":null,"abstract":"Electronic data forensics is the process of obtaining, preserving, analyzing and presenting evidence for computer invasion, destruction, fraud, attack and other criminal acts. Some key digital evidence of cybercrime exists in physical memory or stored in page exchange files, so memory forensics is an important part of electronic data forensics. This paper studies RAM-based electronic data forensics with the use of the memory forensics tool Volatility. By obtaining the memory data of real equipment, cloud computing, virtual machine or virtual devices, performing the extraction and analysis of process information, registry, network connection, strings, access records and other contents, and extracting the digital evidence related to network attack or network crime.","PeriodicalId":342968,"journal":{"name":"2021 2nd International Symposium on Computer Engineering and Intelligent Communications (ISCEIC)","volume":"75 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 2nd International Symposium on Computer Engineering and Intelligent Communications (ISCEIC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCEIC53685.2021.00036","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
Electronic data forensics is the process of obtaining, preserving, analyzing and presenting evidence for computer invasion, destruction, fraud, attack and other criminal acts. Some key digital evidence of cybercrime exists in physical memory or is stored in page exchange files, so memory forensics is an important part of electronic data forensics. This paper studies RAM-based electronic data forensics with the use of the memory forensics tool Volatility. It obtains the memory data of real equipment, cloud computing, virtual machines or virtual devices, performs the extraction and analysis of process information, registry, network connections, strings, access records and other contents, and extracts the digital evidence related to network attack or network crime.