Methods and Tools for Investigating Attacks - Memory Forensics

Lixun Peng; Gabriela Mogos

doi:10.1145/3565291.3565342

Methods and Tools for Investigating Attacks - Memory Forensics

Lixun Peng, Gabriela Mogos

Xi'an Jiaotong-Liverpool University

Research output: Chapter in Book or Report/Conference proceeding › Conference Proceeding › peer-review

Abstract

The memory of network attack and the reclusion of network crime make part of the key digital evidence only exist in physical memory or temporarily stored in the page exchange file, which makes the traditional file system-based computer forensics can not effectively deal with. Memory forensics as important supplement of traditional file system, is an important part of computer forensics science, through comprehensive access to memory data memory data, detailed analysis, based on the extraction and attack or network crime related to digital evidence, in recent years, sustained attention, memory forensics has won the security community obtained rapid development and wide application, in the network emergency response and network crime investigation play an irreplaceable role. We motivate this research from the perspective of the key points and core elements involved in memory forensics analysis. This paper presents a comprehensive theoretical exposition and framework analysis on memory forensics, combined with the practice of specific tools.

Original language	English
Title of host publication	ICBDT 2022 - 2022 5th International Conference on Big Data Technologies
Publisher	Association for Computing Machinery
Pages	314-319
Number of pages	6
ISBN (Electronic)	9781450396875
DOIs	https://doi.org/10.1145/3565291.3565342
Publication status	Published - 23 Sept 2022
Event	5th International Conference on Big Data Technologies, ICBDT 2022 - Virtual, Online, China Duration: 23 Sept 2022 → 25 Sept 2022

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	5th International Conference on Big Data Technologies, ICBDT 2022
Country/Territory	China
City	Virtual, Online
Period	23/09/22 → 25/09/22

Keywords

attacks
digital forensics
memory forensics
prevention
threats

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1145/3565291.3565342

Cite this

@inproceedings{f5d35192c5ca402191b7583deb02ca14,

title = "Methods and Tools for Investigating Attacks - Memory Forensics",

abstract = "The memory of network attack and the reclusion of network crime make part of the key digital evidence only exist in physical memory or temporarily stored in the page exchange file, which makes the traditional file system-based computer forensics can not effectively deal with. Memory forensics as important supplement of traditional file system, is an important part of computer forensics science, through comprehensive access to memory data memory data, detailed analysis, based on the extraction and attack or network crime related to digital evidence, in recent years, sustained attention, memory forensics has won the security community obtained rapid development and wide application, in the network emergency response and network crime investigation play an irreplaceable role. We motivate this research from the perspective of the key points and core elements involved in memory forensics analysis. This paper presents a comprehensive theoretical exposition and framework analysis on memory forensics, combined with the practice of specific tools.",

keywords = "attacks, digital forensics, memory forensics, prevention, threats",

author = "Lixun Peng and Gabriela Mogos",

note = "Publisher Copyright: {\textcopyright} 2022 ACM.; 5th International Conference on Big Data Technologies, ICBDT 2022 ; Conference date: 23-09-2022 Through 25-09-2022",

year = "2022",

month = sep,

day = "23",

doi = "10.1145/3565291.3565342",

language = "English",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

pages = "314--319",

booktitle = "ICBDT 2022 - 2022 5th International Conference on Big Data Technologies",

}

Peng, L & Mogos, G 2022, Methods and Tools for Investigating Attacks - Memory Forensics. in ICBDT 2022 - 2022 5th International Conference on Big Data Technologies. ACM International Conference Proceeding Series, Association for Computing Machinery, pp. 314-319, 5th International Conference on Big Data Technologies, ICBDT 2022, Virtual, Online, China, 23/09/22. https://doi.org/10.1145/3565291.3565342

Methods and Tools for Investigating Attacks - Memory Forensics. / Peng, Lixun; Mogos, Gabriela.
ICBDT 2022 - 2022 5th International Conference on Big Data Technologies. Association for Computing Machinery, 2022. p. 314-319 (ACM International Conference Proceeding Series).

Research output: Chapter in Book or Report/Conference proceeding › Conference Proceeding › peer-review

TY - GEN

T1 - Methods and Tools for Investigating Attacks - Memory Forensics

AU - Peng, Lixun

AU - Mogos, Gabriela

PY - 2022/9/23

Y1 - 2022/9/23

N2 - The memory of network attack and the reclusion of network crime make part of the key digital evidence only exist in physical memory or temporarily stored in the page exchange file, which makes the traditional file system-based computer forensics can not effectively deal with. Memory forensics as important supplement of traditional file system, is an important part of computer forensics science, through comprehensive access to memory data memory data, detailed analysis, based on the extraction and attack or network crime related to digital evidence, in recent years, sustained attention, memory forensics has won the security community obtained rapid development and wide application, in the network emergency response and network crime investigation play an irreplaceable role. We motivate this research from the perspective of the key points and core elements involved in memory forensics analysis. This paper presents a comprehensive theoretical exposition and framework analysis on memory forensics, combined with the practice of specific tools.

AB - The memory of network attack and the reclusion of network crime make part of the key digital evidence only exist in physical memory or temporarily stored in the page exchange file, which makes the traditional file system-based computer forensics can not effectively deal with. Memory forensics as important supplement of traditional file system, is an important part of computer forensics science, through comprehensive access to memory data memory data, detailed analysis, based on the extraction and attack or network crime related to digital evidence, in recent years, sustained attention, memory forensics has won the security community obtained rapid development and wide application, in the network emergency response and network crime investigation play an irreplaceable role. We motivate this research from the perspective of the key points and core elements involved in memory forensics analysis. This paper presents a comprehensive theoretical exposition and framework analysis on memory forensics, combined with the practice of specific tools.

KW - attacks

KW - digital forensics

KW - memory forensics

KW - prevention

KW - threats

UR - http://www.scopus.com/inward/record.url?scp=85145873979&partnerID=8YFLogxK

U2 - 10.1145/3565291.3565342

DO - 10.1145/3565291.3565342

M3 - Conference Proceeding

AN - SCOPUS:85145873979

T3 - ACM International Conference Proceeding Series

SP - 314

EP - 319

BT - ICBDT 2022 - 2022 5th International Conference on Big Data Technologies

PB - Association for Computing Machinery

T2 - 5th International Conference on Big Data Technologies, ICBDT 2022

Y2 - 23 September 2022 through 25 September 2022

ER -

Methods and Tools for Investigating Attacks - Memory Forensics

Abstract

Publication series

Conference

Keywords

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this