3S week 8 assignment DF
SafeAssign Originality Report Digital Forensics Tools & Tchq - 202040 - CRN127 - Rucker • Week Eight Assignment
Total Score: 74% (High risk)
Venkatesh Bodhupally
Submission UUID: 680cd83f-65c1-b609-7c13-c42c95f8db1c
Total Number of Reports: 1
Highest Match: 74% (forensictools.docx)
Average Match: 74%
Submitted on: 04/30/20 05:27 PM EDT
Average Word Count: 564
Highest: forensictools.docx
Attachment 1: 74%
Top sources (3):
Institutional database (2): Student paper, Student paper
Scholarly journals & publications (2): ProQuest document, ProQuest document
Internet (1): dfrws
Excluded sources (0)
Word Count: 564 (forensictools.docx)
Source index: 2 Student paper; 4 ProQuest document; 5 Student paper
Source Matches (13)
Running Head: INVESTIGATIONS AND FORENSICS
Tools in Memory Forensics
Venkatesh Bodhupally
NEC.
Some of the tools applicable in the collection of live memory images in media include the Volatility suite (Htun, Thwin & San, 2018). This tool or program analyzes the RAM and has support from different operating systems such as Linux and Windows. RAW and VMware images are also analyzable by this tool, with no issues arising. Rekall is a tool used by investigators and responders since it features in analyzing other tools and acquiescing them. It's not a single application but a forensic framework (Socała & Cohen, 2016). Helix ISO is a live disk that helps in the capturing of memory images in a system and memory dumping. This type of tool has some risks associated with it that make it not able to run directly in a system, such as acquisition footprint. Other tools include Process Hacker, which is an application that monitors applications, and it can be run when the machine that is on target is in use. The tool makes an investigator understand the issue affecting the system before a snapshot of the memory is taken (Eden, Pontypridd, Cherdantseva, & Stoddart, 2016). The tool can also help in uncovering processes that are malicious and in identifying terminated processes in a set period. Investigators also use or can use Belkasoft RAM Capture, which allows capturing of the volatile section of system memory into a file. Belkasoft RAM Capture is a criminology device that has a free unpredictable memory, and it is used in catching the live RAM. Belkasoft RAM Capture has drivers worth 32-bit and 64-bit; that's why this tool is used in overcoming anti-debugging as well as anti-dumping systems. FTK Imager is a tool that catches the live RAM. At a time picture, this type of tool makes a tiny bit alongside slack space. This type of tool is not capable of dividing or dissecting the memory dump that is caught (Venkateswara Rao & Chakravarthy, 2016). A yearly subscription for FTK Imager is $2,227, and a perpetual license goes for $3,995. WindowsSCOPE is a tool used in Windows 10 but when accommodating bolster. In terms of security breaks, this tool offers excellent reminiscence crime scenes investigations. WindowsSCOPE is worth $9,899 when purchased each year. This tool has presently been offering cloud rentals. WindowsSCOPE can also achieve reverse-engineering in the whole gadget form corporal memory.
References

Eden, P., Pontypridd, C., Blyth, A., Burnap, P., Cherdantseva, Y., Jones, K., ... & Stoddart, K. (2016). Forensic Readiness for SCADA/ICS Incident. In Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research (p. 142). Retrieved from https://www.scienceopen.com/hosteddocument?doi=10.14236/ewic/ICSCSR2016.0

Htun, N. L., Thwin, M. M. S., & San, C. C. (2018, July). Evidence Data Collection with ANDROSICS Tool for Android Forensics. In 2018 10th International Conference on Information Technology and Electrical Engineering (ICITEE) (pp. 353-358). IEEE. Retrieved from https://ieeexplore.ieee.org/abstract/document/8534760/

Socała, A., & Cohen, M. (2016). Automatic profile generation for live Linux Memory analysis. Digital Investigation, 16, S11-S24. Retrieved from https://www.sciencedirect.com/science/article/pii/S1742287616000050

Venkateswara Rao, V., & Chakravarthy, A. S. N. (2016). Survey on android forensic tools and methodologies. International Journal of Computer Applications, 154(8), 17-21. Retrieved from https://pdfs.semanticscholar.org/7f9c/b432a610d08dd4eda2cda5c17feacfa08863.pdf
Match 1 (source 1, dfrws, 66%)
Student paper: Tools in Memory Forensics
Original source: Memory Forensics I
Match 2 (source 2, Student paper, 100%)
Student paper:
Some of the tools applicable in the collection of live memory images in media include; volatility suite (Htun, Thwin & San, 2018). This tool or program analyzes the RAM and has support from different operating systems such as Linux and windows. RAW and VMWare are also analyzable by this tool, with no issues arising.
Original source:
Some of the tools applicable in collection of live memory images in media include volatility suite (Htun, Thwin & San, 2018) This tool or program analyzes the RAM and has support from different operating systems such as Linux and windows RAW, VMWare are also analyzable by this tool with no issues arising
Match 3 (source 2, Student paper, 100%)
Student paper:
Rekall is a tool used by investigators and responders since it features in analyzing other tools and acquiescing them. It's not a single application but a forensic framework (Socała & Cohen, 2016). Helix ISO, a live disk that helps in capturing of memory images in a system and memory dumping. This type of tool has some risks associated with it that make it not able to run directly into a system such as acquisition footprint Other tools include;
Original source:
Rekall is a tool used by investigators and responders since it features in analyzing other tools and acquiescing them It’s not a single application but a forensic framework (Socała & Cohen, 2016) Helix ISO, a live disk that helps in capturing of memory images in a system and memory dumping This type of tool has some risks associated with it that make it not able to run directly into a system such as acquisition footprint Other tools include
Match 4 (source 2, Student paper, 98%)
Student paper:
process hacker which is an application that monitors application, and it can be run when the machine that is on target is on use. The tool makes an investigator understand the issue affecting the system before a snapshot of the memory is taken (Eden, Pontypridd, Cherdantseva, & Stoddart, 2016). The tool can also help in uncovering processes that are malicious and in identifying terminated processes in a set period. Investigators also use or can use Belk soft RAM capture, which allows capturing of the volatile section of system memory into a file.
Original source:
process hacker an application that monitors application and it can be run when the machine that is on target is on use The tool makes an investigator understand the issue affecting the system before a snapshot of the memory is taken (Eden, Pontypridd, Cherdantseva, & Stoddart, 2016) The tool can also help in uncovering processes that are malicious and in identifying terminated processes in a set period of time Investigators also use or can use Belk soft RAM capture which allows capturing of the volatile section of system memory into a file
Match 5 (source 2, Student paper, 91%)
Student paper: References Eden, P., Pontypridd, C., Blyth, A., Burnap, P., Cherdantseva, Y., Jones, K.,...
Original source: 3) Eden, P., Pontypridd, C., Blyth, A., Burnap, P., Cherdantseva, Y., Jones, K.,
Match 6 (source 2, Student paper, 100%)
Student paper: Forensic Readiness for SCADA/ICS Incident. In Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research (p.
Original source: Forensic Readiness for SCADA/ICS Incident In Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research (p
Match 7 (source 2, Student paper, 100%)
Student paper: L., Thwin, M.
Original source: L., Thwin, M
Match 8 (source 2, Student paper, 100%)
Student paper: S., & San, C.
Original source: S., & San, C
Match 9 (source 2, Student paper, 100%)
Student paper: Evidence Data Collection with ANDROSICS Tool for Android Forensics. In 2018 10th International Conference on Information Technology and Electrical Engineering (ICITEE) (pp.
Original source: Evidence Data Collection with ANDROSICS Tool for Android Forensics In 2018 10th International Conference on Information Technology and Electrical Engineering (ICITEE) (pp
Match 10 (source 3, ProQuest document, 75%)
Student paper: Retrieved from https://ieeexplore.ieee.org/abstract/document/8534760/ Socała, A., & Cohen, M.
Original source: Retrieved from https://ieeexplore.ieee.org/abstract/document/4147979
Match 11 (source 2, Student paper, 100%)
Student paper: Automatic profile generation for live Linux Memory analysis. Digital Investigation, 16, S11-S24.
Original source: Automatic profile generation for live Linux Memory analysis Digital Investigation, 16, S11-S24
Match 12 (source 4, ProQuest document, 88%)
Student paper: Retrieved from https://www.sciencedirect.com/science/article/pii/S1742287616000050
Original source: Retrieved from https://www.sciencedirect.com/science/article/pii/S016762961500082X
Match 13 (source 5, Student paper, 76%)
Student paper: Retrieved from https://pdfs.semanticscholar.org/7f9c/b432a610d08dd4eda2cda5c17feacfa08863.pdf
Original source: Retrieved from https://pdfs.semanticscholar.org/6447/395a2f7649ec609aabdd28863c506d3d9399.pdf