Role of Hibernation File in Memory Forensics of Windows 10
Authors
Azad Singh, M.Tech Student, Department of Computer Science & Applications, Kurukshetra University, Kurukshetra-136119, [email protected]
Pankaj Sharma, M.Tech Student, Department of Computer Science & Applications, Kurukshetra University, Kurukshetra-136119, [email protected]
Rajender Nath, Professor, Department of Computer Science & Applications, Kurukshetra University, Kurukshetra-136119, [email protected]
Abstract
Similar sources
Forensic Carving of Network Packets and Associated Data Structures
Using validated carving techniques, we show that popular operating systems (e.g. Windows, Linux, and OSX) frequently have residual IP packets, Ethernet frames, and associated data structures present in system memory from long-terminated network traffic. Such information is useful for many forensic purposes including establishment of prior connection activity and services used; identification of...
Network Connections Information Extraction of 64-Bit Windows 7 Memory Images
Memory analysis is a key element of computer live forensics, and obtaining the status information of network connections is one of the difficulties of memory analysis; it plays an important role in identifying attack sources. It is more difficult to find the drivers and get network connection information from a 64-bit Windows 7 memory image file than it is from a 32-bit operating system memor...
Modern windows hibernation file analysis
This paper presents the first analysis of the new hibernation file format that is used in Windows versions 8, 8.1, and 10. We also discuss several changes in the hibernation and shutdown behavior of Windows that will have a direct impact on digital forensic practitioners who use hibernation files as sources of
An adaptive approach for Linux memory analysis based on kernel code reconstruction
Memory forensics plays an important role in security and forensic investigations. Hence, numerous studies have investigated Windows memory forensics, and considerable progress has been made. In contrast, research on Linux memory forensics is relatively sparse, and the current knowledge does not meet the requirements of forensic investigators. Existing solutions are not especially sophisticated,...
In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux
The forensics community is increasingly embracing the use of memory analysis to enhance traditional storage-based forensics techniques, because memory analysis yields a wealth of information not available on non-volatile storage. Memory analysis involves capture of a system's physical memory so that the live state of a system can be investigated, including executing and terminated processes, ap...