The analysis of memory during a forensic investigation is often an important step to reconstruct events. While prior work in this field has mostly concentrated on information residing in the kernel space (process lists, network connections, and so on) and in particular on the Microsoft Windows operating system, this work focuses on Linux user space processes as they might also …

Significantly increased use of USB devices due to their user-friendliness and large storage capacities poses various threats for many users/companies in terms of data theft that becomes easier due to their efficient mobility. Investigations for such data theft activities would require gathering critical digital information capable of recovering digital forensics artifacts like date, time, and device information. This research gathers …

Memory analysis has been successfully utilized to detect malware in many high profile cases. The use of signature scanning to detect malicious tools is becoming an effective triaging and first response technique. In particular, the Yara library and scanner has emerged as the defacto standard in malware signature scanning for files, and there are many open source repositories of yara …

Memory forensics is now a standard component of digital forensic investigations and incident response handling, since memory forensic techniques are quite effective in uncovering artifacts that might be missed by traditional storage forensics or live analysis techniques. Because of the crucial role that memory forensics plays in investigations and because of the increasing use of automation of memory forensics techniques, …

In recent years the use of digital communication has increased. This also increased the chance to find privileged data in the digital evidence. Privileged data is protected by law from viewing by anyone other than the client. It is up to the digital investigator to handle this privileged data properly without being able to view the contents. Procedures on handling …

As the world is moving to Internet of Things, the attackers too. Increasing use of IoT devices in various segments has been instrumental in attracting attackers for possible use of this latest and less controlled technology in committing crimes. Though, academia, industry and research fraternity is busy in strengthening security of IoT components, they are still not able to keep …

Digital Forensics is a technique used to search for evidence of events that have occurred. This quest aims to reveal the hidden truth. The existence of digital forensic activities due to the occurrence of crimes both in the field of computers or other. Legal treatment in digital forensic field makes this area of science a compulsory device to dismantle crimes …

Internet security can be compromised not only through the threat of Malware, fraud, system intrusion or damage, but also via the tracking of internet activity. Criminals are using numerous methods to access data in the highly lucrative cybercrime business. Organised crime, as well as individual users, are benefiting from the protection of Virtual Private Networks (VPN) and private browsers, such …

Cloud computing and cloud storage services, in particular, pose a new challenge to digital forensic investigations. Currently, evidence acquisition for such services still follows the traditional method of collecting artifacts on a client device. This approach requires labor-intensive reverse engineering efforts, and ultimately result in an acquisition that is inherently incomplete. Specifically, it makes the incorrect assumption that all storage …

Recent work has investigated the use of hardware performance counters (HPCs) for the detection of malware running on a system. These works gather traces of HPCs for a variety of applications (both malicious and non-malicious) and then apply machine learning to train a detector to distinguish between benign applications and malware. In this work, we provide a more comprehensive analysis …