24 C
Jaipur
Wednesday, October 21, 2020

Live Cyber Forensics Analysis with Computer Volatile Memory

Must read

telia company: Telecom operator Telia core profit tops forecast – Latest News

STOCKHOLM: Nordic telecom operator Telia Company on Wednesday reported quarterly core earnings ahead of market expectations aided by cost savings and said it had...

DJI Pocket 2 with better camera, audio system launched

DJI has launched the second iteration of the Osmo Pocket called DJI Pocket 2. It’s a stabilised mini camera that can record in...

JioPages: Reliance Jio launches ‘made-in-India’ browser, JioPages: Features and how to download

Reliance Jio has launched a made-in-India browser, JioPages. The company claims that JioPages focusses on data-privacy and gives users full...

This is the only country where Apple has to provide free EarPods with iPhone 12 by law

Apple is no longer providing EarPods and the charging adapter with any of its iPhones. Citing environmental reasons, Apple has trimmed the...

Forensics Analysis

The field of computer Forensics Analysis involves identifying, extracting, documenting, and preserving information that is stored or transmitted in an electronic or magnetic form (that is, digital evidence).

You can Also Learn Computer Forensics & Cyber Crime Investigation. Using Open Source Tools to enhance more skills.

Forensics Analysis – Volatile Data:

  • The data that is held in temporary storage in the system’s memory (including random access memory, cache memory, and the onboard memory of system peripherals such as the video card or NIC) is called volatile data because the memory is dependent on electric power to hold its contents.
  • When the system is powered off or if power is disrupted, the data disappears.

How to Collect Volatile Data:

  • There are lots of tools to collect volatile memory for live forensics or incident response.In this, we are going to use Belkasoft live ram Capture Tool.
  • After the capture of live data of RANDOM ACCESS MEMORY, we will analyze with Belkasoft Evidence Center Ultimate Tool.

Also Read Windows Registry Analysis – Tracking Everything You Do on the System

Acquisition of live Volatile Memory:

Run the tool as an administrator and start the capture.

Dump File Format:

After the successful capture of live Ram memory. The file is will be saved in .mem extension.

Evidence File Analyser:

Belkasoft Evidence Center Ultimate Tool to analyze volatile memory.

As a forensic examiner or Incident Responder should record everything about physical device appearance, Case number, Model Number of Laptop or Desktop etc.

Click the Ram Image and enter the path of the .mem file which is live ram dump file.

Also Read Indicator Of Attack(IoA’s) And Activities – SOC/SIEM – A Detailed Explanation

Malicious Activites on the Public website

In this above picture, the attacker is trying for SQL Injection on Public Website.

Anonymous Vpn

In this above figure attacker installed and executed Cyberghost Vpn for hiding the source ip address.

Mail Inbox

The attacker has logged on with some public mail servers, now forensic examiner able to read inbox emails.

Recent File Accessed

Attackers last accessed file directory paths. Forensics examiner will have priority to investigate this path for suspicious files.

Pictures

Recent Pictures downloaded from websites which will be stored in the cache memory.

There are many relatively new tools available that have been developed in order to
recover and dissect the information that can be gleaned from volatile memory.

This is a relatively new and fast-growing field many forensic analysts do not know or take the advantage of these assets.

Volatile memory may contain many pieces of information relevant to a forensic investigation, such as passwords, cryptographic keys, and other data.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and Hacking New updates

Source link

- Advertisement -

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

telia company: Telecom operator Telia core profit tops forecast – Latest News

STOCKHOLM: Nordic telecom operator Telia Company on Wednesday reported quarterly core earnings ahead of market expectations aided by cost savings and said it had...

DJI Pocket 2 with better camera, audio system launched

DJI has launched the second iteration of the Osmo Pocket called DJI Pocket 2. It’s a stabilised mini camera that can record in...

JioPages: Reliance Jio launches ‘made-in-India’ browser, JioPages: Features and how to download

Reliance Jio has launched a made-in-India browser, JioPages. The company claims that JioPages focusses on data-privacy and gives users full...

This is the only country where Apple has to provide free EarPods with iPhone 12 by law

Apple is no longer providing EarPods and the charging adapter with any of its iPhones. Citing environmental reasons, Apple has trimmed the...

Vivo V20 Pro to launch in India in November, confirms India CEO

Vivo is soon going to launch its Vivo V20 Pro smartphone in India. The confirmation of the India launch of the handset...