Plug and Play Device for In-Depth RAM Data Repository

doi:10.23940/ijpe.24.08.p6.520528

Abstract

Abstract: The ever-changing and temporary nature of Random Access Memory (RAM) presents distinct challenges and possibilities for digital forensic investigations. This research paper offers a comprehensive analysis of RAM data retrieval techniques within the realm of forensic studies. Starting with a comprehensive explanation of the importance of RAM in forensic investigations, this paper explores the different techniques used to extract volatile data from RAM. These methods involve conducting live system analysis, memory imaging, and memory dumping techniques, each with their own set of advantages and limitations. In addition, the paper delves into the complexities of data acquisition, preservation, and analysis, taking into account factors such as system state volatility, encryption, and anti-forensic measures. In addition, this paper explores the practicality and effectiveness of RAM data retrieval methods on various operating systems and hardware setups. It assesses the strengths and weaknesses of commonly used forensic tools and frameworks for RAM analysis, showcasing their performance in practical situations. In addition, the research explores the latest developments and trends in RAM forensics. This includes the use of machine learning algorithms to automate memory analysis and the creation of specialized forensic techniques for cloud environments. Finally, this paper brings together the findings to provide valuable insights into the best practices for RAM data retrieval in forensic investigations. It highlights the significance of meticulous documentation, maintaining a clear chain of custody, and adhering to legal standards. Through the synthesis of established knowledge and the exploration of emerging trends, this research makes a significant contribution to the field of RAM forensics. It offers valuable guidance for digital forensic practitioners, law enforcement agencies, and researchers, aiding in their understanding and advancement of the subject.

Key words: ram dump, cybersecurity, data retrieval, data analysis, cyber forensics

Sudeep Varshney, Hoor Fatima, Preeti Dubey, Amit Kumar Upadhyay, and Sarthak Tyagi. Plug and Play Device for In-Depth RAM Data Repository [J]. Int J Performability Eng, 2024, 20(8): 520-528.

Add to citation manager EndNote|Reference Manager|ProCite|BibTeX|RefWorks

References

[1] Garfinkel S.L.,2010. Digital forensics research: The next 10 years.digital investigation, 7, pp.S64-S73.
[2] O'Kane P., Sezer S. and McLaughlin K., 2011. Obfuscation: The hidden malware. IEEE Security & Privacy,9(5), pp.41-47.
[3] Hu Z., Zhu L., Heidemann J., Mankin A., Wessels D. and Hoffman P., 2016. Specification for DNS over transport layer security (TLS) (No. rfc7858).
[4] Hoffman, P. and McManus, P., 2018. DNS queries over HTTPS (DoH) (No. rfc8484).
[5] Sudhakar and Kumar, S., 2020. An emerging threat Fileless malware: a survey and research challenges.Cybersecurity, 3(1), p.1.
[6] Kolhe, M. and Ahirao, P., 2017. Live vs dead computer forensic image acquisition. International Journal of Computer Science and Information Technologies,8(3), pp.455-457.
[7] Shinagawa T., Eiraku H., Tanimoto K., Omote K., Hasegawa S., Horie T., Hirano M., Kourai K., Oyama Y., Kawai E. and Kono K., 2009, March. Bitvisor: a thin hypervisor for enforcing i/o device security. InProceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments(pp. 121-130).
[8] Hirano M., Tsuzuki T., Ikeda S., Taka N., Fujiwara K. and Kobayashi R., 2017. Waybackvisor: Hypervisor-based scalable live forensic architecture for timeline analysis. In Security, Privacy, and Anonymity in Computation, Communication, and Storage: SpaCCS 2017 International Workshops, Guangzhou, China, December 12-15, 2017, Proceedings 10 (pp. 219-230). Springer International Publishing.
[9] Hirano, M. and Kobayashi, R., 2022, July. Machine Learning-based Ransomware Detection Using Low-level Memory Access Patterns Obtained From Live-forensic Hypervisor. In 2022 IEEE International Conference on Cyber Security and Resilience (CSR)(pp. 323-330). IEEE.
[10] Hirano M., Hodota R. and Kobayashi R., 2022. RanSAP: An open dataset of ransomware storage access patterns for training machine learning models. Forensic Science International: Digital Investigation, 40, p.301314.
[11] Haris R.M., Khan K.M. and Nhlabatsi A., 2022. Live migration of virtual machine memory content in networked systems. Computer Networks, 209, p.108898.