Overview
Explore memory acquisition techniques in digital forensics and incident response through this 47-minute conference talk. Delve into the fundamentals of memory forensics, addressing challenges and various acquisition options. Learn about hardware-based methods like PCIe and FireWire, as well as software-based approaches. Examine address space layout, virtual machine memory acquisition, crash dumps, and hibernation files. Discover cold-boot attacks and anti-forensic avenues, and gain insights on effective countermeasures. Enhance your understanding of this critical aspect of digital investigations and cybersecurity.
Syllabus
Intro
Memory Acquisition - What?
Memory Forensics - Why?
Memory Acquisition Challenges
Memory Acquisition Options
Memory Acquisition Hardware
Memory Acquisition via Hardware: PCile
Memory Acquisition via Hardware: FireWire
Address Space Layout
Software Memory Acquisition - How?
Software Memory Acquisition: Considerations
Software Memory Acquisition: Tools
Virtual Machine Memory Acquisition
Crash Dumps
Hibernation Files
Cold-Boot Attacks
Anti-Forensic Avenues
What Can We Do?
Questions?