Live Memory Forensic: Capture and Analyzing Volatile Data

  • Rabia Mehmood Department of Computer Sciences, COMSATS University, Lahore
Keywords: malware, Volatility, FTK Imager, Live Memory Forensics, incorrupt, data privacy, evidence handling.

Abstract

As almost 90% of malware is resident in memory, live memory forensics is an essential part of cybersecurity. Live memory forensics refers to the process of analyzing computer RAM or volatile memory (which is lost after rebooting) while the computer is running. This article provides depth on live memory forensics, which is key in the detection and analysis of cyber threats and forensics investigations. Case studies and actual events demonstrate how this method can detect unauthorized access and discover hidden malware, which will help law enforcement investigators. The practical uses of Live Memory Forensics are illustrated using real world examples. Currently, live memory forensics are faced with the temporal nature of volatile data, other technical challenges, the instantiation of indirect data related to data privacy, and evidence handling problems. The paper emphasizes the importance of moral attitude and careful handling of data to keep the forensic process incorrupt. Investigators and cybersecurity professionals should now have a good understanding of live memory forensics and how to utilize live memory forensics to enhance security across borders, not just as a detective technique.

Published
2024-09-12