MEMORY ANALYSIS USING DUMPIT AND VOLATILITY

Dear Readers,
Welcome to new issue of eForensics Magazine, just before Spring Holiday so we hope you’ll find some free time to grab the magazine and delv into the topic. This time we shed light on Memory Forensics topic.
Check what you can find inside:

Memory Analysis using DumpIt and Volatility
by Daniel Dieterle
Want an easy way to grab a memory dump from a live system and search it for forensic artifacts? Look no further than DumpIt and Volatility. In this article we will see how to pull pertinent information from a memory dump and cover some basic analysis with Volatility. We will also look at a memory image infected with Stuxnet.

A Practical Approach To Malware Memory Forensics
by Monnappa K A
Memory Forensics is the analysis of the memory image taken from the running computer. It plays an important role in investigations and incident response. In this article, we will learn how to use Memory Forensic Toolkits such as Volatility to analyze the memory artifacts with practical real life forensics scenarios.

Cold Boot Memory Forensics
by Alexander Sverdlov
Cyber forensics professionals have long been familiar with memory forensics and its benefits – extracting encryption keys for Full Disk Encryption software, extracting data which was in the memory but not stored on disk after a fast shutdown – passwords, URLs, documents, photos, process names – however, the Cold Boot Memory dumping tools were either too difficult to work with or way too expensive for experimenting.

MALWARE FORENSICS & ZEUS
by Mikel Gastesi ,  Jozef Zsolnai & Nahim Fazal
Citadel appeared early in 2012 and the immediate question that was asked was, is this new malware family or something that the cyber crime community had seen before. Upon examining the malware it quickly became apparent that the malware sample was very closely related to banking Trojan called Zeus that had been existence in one form or another for a few years. It was a variant of Zeus all be it with some new shinny features.

Security & Online identity protocols: a tester’s view
by Cordny Nederkoorn
This article will discuss possible threats associated with the use of online identity protocols, like OpenID and OAuth, which are used widely in social-media software for social sign on and data sharing. OAuth will be used as an example to show how OAuth can be susceptible to malicious attacks, resulting in damage on users or applications that have implemented this protocol. The main attacks and countermeasures will be discussed.

Establishing a Center for Digital Forensics Investigative Services on the cloud
by Rocky Termanini, PhD, CISSP
The concept of building a Center for Digital Forensics Investigative Services on the cloud is a compelling and totally innovative. Everything is becoming cost effective and cloud-centric, including selling Platform as a Service (PaaS), Software as a Service (SaaS). Now offering Digital Forensics as a Service (DFaaS) is an attractive venture which will prove to be profitable and highly successful.

Digital Continuity of Government Records
by Dr. Stilianos Vidalis, Lecturer at Staffordshire University and Dr. Olga Angelopoulou Lecturer at Derby University
The first person to properly report and document the principles of information operations was Sun Tzu, thousands of years ago in his ancient Chinese military treatise. The same principles apply today across all of the different public and private sector organisations. It has become excessively important for public organisations to have the right information on the right time in order to be able to satisfy and service public needs in an appropriate manner, as specified by UK and EU legislation. It is equally important to apply innovation in extracting knowledge from existing data sets in order to proactively satisfy future needs of the public.