
A Novel Memory Forensics Technique for Windows 10


Affiliations
1 Department of Computer Science and Applications, Kurukshetra University, Kurukshetra, Haryana, India
     



Abstract

Volatile memory forensics, henceforth referred to as memory forensics, is a subset of digital forensics that deals with the preservation of the contents of the memory of a computing device and the subsequent examination of that memory. The memory of a running system typically contains useful runtime information, such as the running processes and their command lines, open network connections, and keys or plaintext that never reach the disk. Such memory is volatile, so its contents decay rapidly once the device is no longer supplied with power. Using memory forensic techniques, it is possible to acquire an image of the system's memory while it is still running, creating a copy that can be examined at a later point in time, even after the system has been turned off and the data contained within the original RAM has dissipated. This paper describes the implementation of a technique that collects volatile artifacts from a RAM dump and from the hibernation file (hiberfil.sys) of the Windows 10 operating system, and shows the data extracted for the various processes of the system.
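The preserve-then-examine cycle the abstract describes, as an added illustration written for this page (it is not the authors' technique or tool): the script hashes a raw image so later findings can be tied to the preserved copy, carves both ASCII and UTF-16LE strings from it (Windows keeps image paths and command lines in UTF-16LE, so ASCII-only carving misses them), and triages the hits into image names, file paths and URLs. The byte string SAMPLE_DUMP is constructed for the example and is not a real Windows image; the function names are the example's own.

```python
import hashlib
import re
from typing import Dict, List, Tuple

# Constructed sample "RAM dump" for this example; it is not a real Windows
# image, just a byte string carrying the kinds of artifact an examiner carves.
SAMPLE_DUMP: bytes = (
    b"\x00" * 32
    + b"notepad.exe\x00"                                # ASCII image name
    + b"\x7f" * 17                                      # non-printable padding
    + "C:\\Windows\\System32\\cmd.exe /c whoami".encode("utf-16-le")
    + b"\x00\x00"                                       # UTF-16LE terminator
    + b"\x00" * 9
    + b"http://example.invalid/beacon?id=42\x00"        # ASCII URL
    + b"\x01\x02\x03" * 5
    + b"ab\x00"                                         # too short to report
)

Hit = Tuple[int, str, str]  # (offset, encoding, text)


def sha256_hex(image: bytes) -> str:
    """Hash the acquired image; every later finding is tied to this preserved copy."""
    return hashlib.sha256(image).hexdigest()


def is_hibernation_header(header: bytes) -> bool:
    """True if the bytes start with the hiberfil.sys signature.

    Windows 7 writes 'hibr'; Windows 8 and later write 'HIBR'. A file that
    has been resumed from is rewritten as 'wake' and is not a valid image.
    """
    return header[:4] in (b"hibr", b"HIBR")


def carve_strings(image: bytes, min_len: int = 6) -> List[Hit]:
    """Carve printable ASCII and UTF-16LE runs of at least min_len characters."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # UTF-16LE of a printable ASCII character is that byte followed by NUL.
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    hits: List[Hit] = []
    for m in ascii_re.finditer(image):
        hits.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in utf16_re.finditer(image):
        hits.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    return sorted(hits)  # by offset, so output follows the image layout


URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
PATH_RE = re.compile(r"^[A-Za-z]:\\")           # drive-letter path
IMAGE_RE = re.compile(r"^[\w.-]+\.exe$", re.IGNORECASE)  # bare image name


def triage(hits: List[Hit]) -> Dict[str, List[Hit]]:
    """Bucket carved strings into the artifact types an examiner checks first."""
    out: Dict[str, List[Hit]] = {"image_names": [], "paths": [], "urls": []}
    for hit in hits:
        text = hit[2]
        if URL_RE.search(text):
            out["urls"].append(hit)
        elif PATH_RE.match(text):
            out["paths"].append(hit)
        elif IMAGE_RE.match(text):
            out["image_names"].append(hit)
    return out


def examine(image: bytes) -> dict:
    """Preserve (hash) and then examine (carve and triage) a raw memory image."""
    hits = carve_strings(image)
    return {
        "sha256": sha256_hex(image),
        "size": len(image),
        "hits": hits,
        "artifacts": triage(hits),
    }


if __name__ == "__main__":
    report = examine(SAMPLE_DUMP)
    print("sha256:", report["sha256"])
    for kind, items in report["artifacts"].items():
        for off, enc, text in items:
            print(f"{kind:12s} 0x{off:08x} {enc:8s} {text}")
```

Against a real acquisition, pass the image bytes (or a memory-mapped file) to examine(), and record the hash at acquisition time: the acquisition tool itself occupies and modifies RAM, so the evidence is the captured file, not the live memory. Two caveats apply to hiberfil.sys on Windows 10: its pages are stored compressed, so string carving only works on an image that has first been converted to raw form, and with fast startup enabled the file holds the kernel session written after users are logged off, so user-mode process memory is not in it.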


Keywords

Windows Forensics, Memory Forensics, Volatile Data, Volatile Digital Evidence.




Authors

Azad Singh
Department of Computer Science and Applications, Kurukshetra University, Kurukshetra, Haryana, India
Pankaj Sharma
Department of Computer Science and Applications, Kurukshetra University, Kurukshetra, Haryana, India
Sakshi Sharma
Department of Computer Science and Applications, Kurukshetra University, Kurukshetra, Haryana, India

