1Vineet Mishra, 2Samrat Sutar, 3Pallavi Nigam
1,2,3Student (Computer Engineering), Fr. Institute of Technology, Vashi, Navi Mumbai, India

Abstract

Computer Forensics, being an integral part of the investigations pertaining to all crimes, has made its existence felt in law enforcement and the business community. The confidential data from the victim's machine may be compromised by some malicious program running in the RAM or through physical access such as pen drives, hard disks, etc. Analyzing the different processes running in RAM would provide useful evidence in the world of computer forensics. In this paper, we have studied the importance of RAM forensics. A framework has been proposed which will be useful in analyzing the various processes running in RAM and hence identifying malicious activities. By analyzing the logs, we would also identify the insertion of external media without the consent of the owner.

Keywords- Computer Forensics, RAM, framework, hard disks

Digital evidence collection is being driven by the rapidly changing threats in the computing environment. The use of removable media such as a USB stick to install applications and then virtualize them in RAM without a trace on the hard disk is suspicious. The inability of the operating system to detect rootkits hiding within processes is also a problem. Malware resides completely in RAM with no trace of existence on the hard disk. Encrypted files or partitions are the areas of the hard drive which are used to hide evidence. Many popular web browsers allow their users to cover their tracks: log files of user activity are created but deleted when the browser is closed.

Computers use a significant number of locations and layers to store a great amount of information. The two most commonly thought of data repositories are hard disk storage and RAM. Apart from these, useful and important data can also hide outside the system if it is connected to a network. It is also a fact that all data is volatile. With time, the usefulness of the information may reduce, thereby decreasing the ability to recall or validate the data. Also, it is extremely difficult to verify just by looking whether the stored information has been changed. Thus, some types of data are generally more persistent, or long-lasting, than others. Tapes can be relied upon to remain unchanged longer than things in RAM, as they are less volatile.
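
The abstract proposes analyzing logs to identify external media inserted without the owner's consent. The following is an added example, not code from the paper: it assumes a Linux host whose kernel log records USB attach messages (the paper does not name a log source), and the sample log lines, the allow-list and the function name `removable_media_events` are constructed for illustration.

```python
import re

# Constructed sample in the usual syslog layout of Linux kernel USB messages.
SAMPLE_LOG = """\
Mar  3 10:15:01 ws01 kernel: [ 1234.70] usb 1-2: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
Mar  3 10:15:01 ws01 kernel: [ 1234.71] usb 1-2: SerialNumber: AAAA1111
Mar  3 10:15:01 ws01 kernel: [ 1234.72] usb-storage 1-2:1.0: USB Mass Storage device detected
Mar  3 10:20:44 ws01 kernel: [ 1577.10] usb 1-3: New USB device found, idVendor=046d, idProduct=c077, bcdDevice=72.00
Mar  3 23:02:10 ws01 kernel: [47263.30] usb 1-4: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
Mar  3 23:02:10 ws01 kernel: [47263.31] usb 1-4: SerialNumber: ZZZZ9999
Mar  3 23:02:10 ws01 kernel: [47263.32] usb-storage 1-4:1.0: USB Mass Storage device detected
"""

# Hypothetical allow-list of owner-approved devices: (vendor id, product id, serial).
APPROVED = {("0781", "5567", "AAAA1111")}

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: \[\s*[\d.]+\] (?P<msg>.*)$")
FOUND = re.compile(r"usb (?P<port>[\d.-]+): New USB device found, "
                   r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
SERIAL = re.compile(r"usb (?P<port>[\d.-]+): SerialNumber: (?P<serial>\S+)")
STORAGE = re.compile(r"usb-storage (?P<port>[\d.-]+):[\d.]+: USB Mass Storage device detected")


def removable_media_events(log_text, approved):
    """Return one record per mass-storage attach, marked authorized or not."""
    ports, events = {}, []  # ports: USB port -> identity of the device last seen there
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a kernel line in the assumed layout
        ts, msg = m["ts"], m["msg"]
        if f := FOUND.match(msg):
            # A new enumeration replaces whatever was previously on this port.
            ports[f["port"]] = {"vid": f["vid"], "pid": f["pid"], "serial": None}
        elif (s := SERIAL.match(msg)) and s["port"] in ports:
            ports[s["port"]]["serial"] = s["serial"]
        elif st := STORAGE.match(msg):
            # Only storage-class devices count as external media; mice etc. are skipped.
            dev = ports.get(st["port"], {"vid": None, "pid": None, "serial": None})
            ident = (dev["vid"], dev["pid"], dev["serial"])
            events.append({"time": ts, **dev, "authorized": ident in approved})
    return events


if __name__ == "__main__":
    for event in removable_media_events(SAMPLE_LOG, APPROVED):
        print(event)
```

A storage device whose identity lines are missing from the log is reported with `None` fields and treated as unauthorized, so truncated or rotated logs fail toward review rather than silence.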