Memory Analysis Tools

Fundamentals of Digital Forensics

Abstract

As has been discussed throughout this book, computer memory is a rich source of evidence that should not be overlooked during a forensic examination. However, the traditional tools used for forensic examination are not built to handle memory dumps well. As shown in the previous chapter, the structure of memory differs fundamentally from that of a secondary storage device, and memory is laid out differently across operating system versions: the offsets and sizes of kernel structures such as process objects change from one build to the next. A forensic examiner therefore needs a memory analysis tool that carries this layout knowledge and can interpret memory dumps from different operating system versions. One such tool is Volatility, which this chapter introduces and describes in a practical manner. Volatility is open source and free to use; the Volatility 2 branch selects a layout through an explicit profile that must match the target system, while Volatility 3 resolves it through symbol tables for the kernel build found in the image. The other tool introduced in this chapter is Redline, a graphical tool designed for malware analysis in memory dumps.
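To make concrete why a memory-analysis tool must know the structure layouts of the operating system version it is examining, here is an added example (not code from the chapter, and not code from the Volatility project): a toy, psscan-style pool-tag scanner in Python. The pool tag, the two "profiles", the process-object layout and the sample dump are all constructed for illustration and are far simpler than the real Windows _POOL_HEADER and _EPROCESS structures. What it shows is that the same bytes yield valid processes under the matching profile and nothing under the wrong one, which is exactly why Volatility 2 needs the right profile and Volatility 3 the right symbol table.

```python
"""Toy psscan-style pool-tag scanner.

Added example, not code from the chapter or the Volatility project. The
layouts, 'profiles' and sample dump are constructed for illustration and do
not match the real Windows _POOL_HEADER / _EPROCESS structures.
"""
import struct

# Windows tags process allocations "Proc" in the kernel pool; carving tools
# such as Volatility's psscan search a raw image for that tag rather than
# walking a filesystem, because a memory dump has no directory structure.
POOL_TAG = b"Proc"

# Hypothetical profiles: field offsets (relative to the tag) for two made-up
# OS builds. Real profiles / symbol tables hold the same kind of information
# for real kernel builds, and differ between builds just like this.
PROFILES = {
    "ToyOS-1": {"pid_off": 8, "name_off": 16, "name_len": 16, "size": 48},
    "ToyOS-2": {"pid_off": 16, "name_off": 24, "name_len": 16, "size": 48},
}


def build_process(profile, pid, name):
    """Serialise one fake process object using the given profile's layout."""
    p = PROFILES[profile]
    buf = bytearray(p["size"])
    buf[0:4] = POOL_TAG
    struct.pack_into("<Q", buf, p["pid_off"], pid)
    raw = name.encode("ascii")[: p["name_len"]].ljust(p["name_len"], b"\0")
    buf[p["name_off"]: p["name_off"] + p["name_len"]] = raw
    return bytes(buf)


def build_dump(profile):
    """Constructed sample image: filler, two process objects at unaligned
    offsets, and a decoy 'Proc' substring inside ordinary string data."""
    decoy = b"Process list is stored in the kernel pool\0"
    return (b"\0" * 100
            + build_process(profile, 4, "System")
            + b"\xff" * 37 + decoy + b"\0" * 20
            + build_process(profile, 1234, "malware.exe")
            + b"\0" * 100)


def scan_processes(dump, profile):
    """Carve process objects: locate every pool tag, interpret the bytes
    after it with the profile's offsets, and keep only plausible hits.

    Returns a list of (offset, pid, name). The plausibility checks reject
    the decoy string and, under the wrong profile, the real objects too."""
    p = PROFILES[profile]
    hits = []
    pos = dump.find(POOL_TAG)
    while pos != -1:
        if pos + p["size"] <= len(dump):
            pid = struct.unpack_from("<Q", dump, pos + p["pid_off"])[0]
            raw = dump[pos + p["name_off"]: pos + p["name_off"] + p["name_len"]]
            name = raw.split(b"\0", 1)[0]
            # Toy plausibility checks, in the spirit of the header checks real
            # scanners apply: a small non-zero PID and a printable ASCII name.
            if 0 < pid < 65536 and name and all(32 <= c < 127 for c in name):
                hits.append((pos, pid, name.decode("ascii")))
        pos = dump.find(POOL_TAG, pos + 1)
    return hits


if __name__ == "__main__":
    image = build_dump("ToyOS-1")
    for prof in PROFILES:
        print(prof, scan_processes(image, prof))
```

Run stand-alone, the script carves the two constructed processes when scanned with the profile the image was built for and finds nothing under the other profile; the decoy "Process list ..." string is rejected by the plausibility checks in both cases. Real scanners apply many more such checks, and a real image scanned with a mismatched profile typically produces either errors or garbage rather than a clean empty list.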


Notes

  1. https://github.com/volatilityfoundation/volatility
  2. http://www.volatilityfoundation.org/releases
  3. https://github.com/volatilityfoundation/volatility/wiki/Command-Reference
  4. https://github.com/volatilityfoundation/volatility3
  5. https://www.osforensics.com/tools/volatility-workbench.html
  6. https://www.fireeye.com/
  7. https://www.symantec.com/connect/blogs/open-ioc


Corresponding author: Joakim Kävrestad

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this chapter

Kävrestad, J., Birath, M., Clarke, N. (2024). Memory Analysis Tools. In: Fundamentals of Digital Forensics. Texts in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-031-53649-6_19

  • DOI: https://doi.org/10.1007/978-3-031-53649-6_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-53648-9

  • Online ISBN: 978-3-031-53649-6
