Skip to main content
EXTENDED SEARCH
Log in
Top
Published in:
Read chapter Read first chapter

2024 | OriginalPaper | Chapter

20. Memory Analysis in Criminal Investigations

Authors : Joakim Kävrestad, Marcus Birath, Nathan Clarke

Published in: Fundamentals of Digital Forensics

Publisher: Springer International Publishing

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

The chapter delves into the crucial role of memory analysis in criminal investigations, highlighting the use of Volatility modules to extract valuable forensic information. It begins with an overview of identifying running processes using the pslist module and continues with network information extraction via netscan. The envars module is discussed for its ability to reveal environmental variables and user activities. The chapter also covers the detection of open files using filescan and mftparser, as well as the powerful yarascan module for text searches within memory dumps. Additionally, it explores registry analysis with modules like hivelist, hashdump, and printkey. The chapter concludes with a mention of the screenshot module for generating mock-up screenshots of active user sessions. Each section is accompanied by practical examples and insights, making it an invaluable resource for forensic professionals.
AI Generated

This summary of the content was generated with the help of AI.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Business + Economics & Engineering + Technology"

Online-Abonnement

Springer Professional "Business + Economics & Engineering + Technology" gives you access to:

  • more than 102.000 books
  • more than 537 journals

from the following subject areas:

  • Automotive
  • Construction + Real Estate
  • Business IT + Informatics
  • Electrical Engineering + Electronics
  • Energy + Sustainability
  • Finance + Banking
  • Management + Leadership
  • Marketing + Sales
  • Mechanical Engineering + Materials
  • Insurance + Risk


Secure your knowledge advantage now!

inform now

Springer Professional "Engineering + Technology"

Online-Abonnement

Springer Professional "Engineering + Technology" gives you access to:

  • more than 67.000 books
  • more than 390 journals

from the following specialised fileds:

  • Automotive
  • Business IT + Informatics
  • Construction + Real Estate
  • Electrical Engineering + Electronics
  • Energy + Sustainability
  • Mechanical Engineering + Materials





 

Secure your knowledge advantage now!

inform now

Springer Professional "Business + Economics"

Online-Abonnement

Springer Professional "Business + Economics" gives you access to:

  • more than 67.000 books
  • more than 340 journals

from the following specialised fileds:

  • Construction + Real Estate
  • Business IT + Informatics
  • Finance + Banking
  • Management + Leadership
  • Marketing + Sales
  • Insurance + Risk



Secure your knowledge advantage now!

inform now
previous chapter Memory Analysis Tools
next chapter Malware Analysis
Metadata
Title
Memory Analysis in Criminal Investigations
Authors
Joakim Kävrestad
Marcus Birath
Nathan Clarke
Copyright Year
2024
Book
Fundamentals of Digital Forensics

Print ISBN: 978-3-031-53648-9

Electronic ISBN: 978-3-031-53649-6

Copyright Year: 2024

DOI
https://doi.org/10.1007/978-3-031-53649-6_20

Premium Partner

    Image Credits