
A study on memory dump analysis based on digital forensic tools

Published in: Peer-to-Peer Networking and Applications

Abstract

The application of IT across industrial facilities has led to the use of special-purpose systems in diverse areas. As such, special-purpose systems have increasingly become the target or path of hacking attacks. From a digital forensics viewpoint, these systems can be used to gather evidence from all the relevant digital devices, such as whole systems or storage units, at the scene of a crime. Notably, a special-purpose embedded system, unlike a conventional computing system, is almost always powered on, like a server, so accumulated data can remain in volatile memory. This paper focuses on analyzing ways of gathering physical memory data from an embedded system and on developing a test system that analyzes the physical memory for verification.
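The paper's test system is not reproduced on this page. As an added example (not the authors' code), the script below shows the first pass a practitioner makes over a raw physical-memory image of the kind the abstract describes: it fixes the image's SHA-256 before and after analysis, skips zero-filled pages, and carves ASCII and UTF-16LE strings and IPv4 literals with their offsets. The 4 KiB page size, the three-page sample image, and every function name are assumptions made here.

```python
"""Triage of a raw physical-memory image (added example; not the paper's code).

Assumptions (not from the page): the dump is a linear, uncompressed image of
physical memory, pages are 4 KiB, and the sample image below is constructed
here purely to exercise the functions.
"""
import hashlib
import re
from typing import Dict, List, Tuple

PAGE_SIZE = 4096  # assumed page granularity of the acquired image

# Dotted-quad with each octet limited to 0-255; applied to carved text.
IPV4_RE = re.compile(
    r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"
)


def image_digest(image: bytes) -> str:
    """SHA-256 of the whole image. Record it at acquisition time and again
    after analysis so any change to the evidence file is detectable."""
    return hashlib.sha256(image).hexdigest()


def nonzero_pages(image: bytes) -> List[int]:
    """Indices of pages holding any non-zero byte. On an embedded target much
    of RAM is often unused, so skipping all-zero pages narrows the search to
    memory that was actually written."""
    pages = []
    for idx in range(0, len(image), PAGE_SIZE):
        if any(image[idx:idx + PAGE_SIZE]):
            pages.append(idx // PAGE_SIZE)
    return pages


def carve_strings(image: bytes, min_len: int = 6) -> List[Tuple[int, str, str]]:
    """Return (offset, encoding, text) for printable runs of at least min_len
    characters, in ASCII and in UTF-16LE (each character followed by 0x00,
    the layout of wide strings in many Windows-derived components)."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(image)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16le"))
              for m in utf16_re.finditer(image)]
    found.sort(key=lambda rec: rec[0])
    return found


def extract_ipv4(strings: List[Tuple[int, str, str]]) -> List[str]:
    """Unique IPv4 literals found inside the carved strings."""
    hits = set()
    for _offset, _enc, text in strings:
        hits.update(IPV4_RE.findall(text))
    return sorted(hits)


def triage(image: bytes) -> Dict[str, object]:
    """Run the full pass and return the results as one record."""
    before = image_digest(image)
    strings = carve_strings(image)
    report = {
        "sha256": before,
        "size": len(image),
        "nonzero_pages": nonzero_pages(image),
        "strings": strings,
        "ipv4": extract_ipv4(strings),
    }
    # Re-hash after analysis: reading must not have altered the evidence.
    assert image_digest(image) == before, "image changed during analysis"
    return report


def build_sample_image() -> bytes:
    """Constructed three-page image standing in for a real acquisition."""
    page0 = (b"\x00" * 64
             + b"login user=admin host=10.0.0.5 session=ok"
             + b"\x00" * 32
             + "C:\\config\\plc.ini".encode("utf-16le")).ljust(PAGE_SIZE, b"\x00")
    page1 = b"\x00" * PAGE_SIZE  # never written, should be skipped
    page2 = (b"\xff" * 16 + b"GET /status HTTP/1.1").ljust(PAGE_SIZE, b"\x00")
    return page0 + page1 + page2


if __name__ == "__main__":
    rep = triage(build_sample_image())
    print("sha256  ", rep["sha256"])
    print("pages   ", rep["nonzero_pages"])
    for off, enc, text in rep["strings"]:
        print(f"0x{off:08x} {enc:9s} {text}")
    print("ipv4    ", rep["ipv4"])
```

Offsets are reported relative to the start of the image, which for a linear physical dump is the physical address; when the acquisition tool writes a container format instead, the offsets must be translated through its page map before they are cited in a report.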




Acknowledgments

This work was supported by the Power Generation & Electricity Delivery grant of the Korea Institute of Energy Technology Evaluation and Planning (KETEP), funded by the Korea government Ministry of Trade, Industry & Energy (2012101050004A).

Author information

Corresponding author: Taeshik Shon.


About this article

Cite this article

Seo, J., Lee, S. & Shon, T. A study on memory dump analysis based on digital forensic tools. Peer-to-Peer Netw. Appl. 8, 694–703 (2015). https://doi.org/10.1007/s12083-013-0217-3
