{"title":"Approaches to Selective Imaging of Live Systems via Memory Forensics","authors":"Sarishma Dangi, K. Ghanshala, Sachin Sharma","doi":"10.1109/CONIT59222.2023.10205824","DOIUrl":null,"url":null,"abstract":"Modern day forensic investigations rely on forensically sound digital evidence which is acceptable in a court of law. The increase cybersecurity attacks have enormously increased the need of forensic investigations leading to a huge corpus of data. Mostly, the memory image dump is so huge for individual cases out of which the critical evidence is present in a comparatively smaller amount of memory. Selective imaging provides a way to partially image the memory of target device without necessarily copying the rest of the image that may be of little or no use to the investigation. Selective imaging allows the investigator to forensically acquire memory in a strategic manner depending upon the nature of the case at hand. In this work, we explore the realm of selective imaging and present a consolidated literature review along with the various approaches available for considering selective memory imaging for live systems to conduct forensic investigations via live memory forensics. 
The work concludes by pointing the research directions around selective imaging for enhancing the effectiveness of live memory forensics.","PeriodicalId":377623,"journal":{"name":"2023 3rd International Conference on Intelligent Technologies (CONIT)","volume":"120 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 3rd International Conference on Intelligent Technologies (CONIT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CONIT59222.2023.10205824","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 2
Abstract
Modern forensic investigations rely on forensically sound digital evidence that is acceptable in a court of law. The increase in cybersecurity attacks has enormously increased the need for forensic investigations, leading to a huge corpus of data. In most individual cases the memory image dump is huge, while the critical evidence is present in a comparatively small amount of memory. Selective imaging provides a way to partially image the memory of a target device without necessarily copying the rest of the image, which may be of little or no use to the investigation. Selective imaging allows the investigator to forensically acquire memory in a strategic manner depending upon the nature of the case at hand. In this work, we explore the realm of selective imaging and present a consolidated literature review along with the various approaches available for selective memory imaging of live systems to conduct forensic investigations via live memory forensics. The work concludes by pointing out research directions around selective imaging for enhancing the effectiveness of live memory forensics.