Memory forensics is the examination of volatile memory (RAM) for artifacts related to a digital investigation. Memory forensics has become mainstream in recent years because it allows recovery of a wide variety of artifacts that are never written to the file system and are therefore not available when performing traditional filesystem forensics. To analyze memory samples, an investigator can use one of several available memory analysis frameworks, which are responsible for parsing and presenting the raw data in a meaningful way. A core task of these frameworks is the discovery and reordering of non-contiguous physical pages in a memory sample into the ordered virtual address spaces used by the operating system and running processes to organize their code and data. Commonly referred to as address translation, this task requires a thorough understanding of the memory management mechanisms of the hardware architecture and operating system version of the device from which the memory sample was acquired.

Publications in the digital forensics domain frequently come with tools – a small piece of functional software. These tools are often released to the public for others to reproduce results or use them for their own purposes. However, there has been no study of these tools to better understand what is available and what is missing. For this paper we analyzed almost 800 articles from pertinent venues from 2014 to 2019 to answer the following three questions: (1) what tools (i.e., in which domains of digital forensics) have been released, (2) are they still available, maintained, and documented, and (3) are there possibilities to enhance the status quo? We found 62 different tools, which we categorized according to digital forensics subfields. Only 33 of these tools were found to be publicly available, and the majority of these were not maintained after development. In order to enhance the status quo, one recommendation is a centralized repository specifically for tested tools. This will require tool researchers (developers) to spend more time on code documentation and preferably to develop plugins instead of stand-alone tools.