This happens for several reasons: information needs to be retrieved about the events that have taken place in a particular cyber-attack, and RAM contains most of the details about the processes that have been active and that have been accessing memory. RAM is also a very quick resource as far as acquisition is concerned: to access it you need access to the physical computer, so this type of investigation can be carried out on site without inconvenience. However, it is essential that, at the moment it becomes known that a cyber-attack has taken place, switching off the equipment involved is one of the last things done, as this could mean the loss of this type of evidence, since, as mentioned above, RAM only stores data while the system is switched on.

Some of today's malware runs in RAM, so in order to detect it and analyse its behaviour, it is important to analyse a copy of the volatile memory of the computer where the suspicious activity was detected. But first it is necessary to perform the acquisition process. There are several tools that help to dump the memory (memory dump). It is always advisable, as in any acquisition process, to use those that have been previously tested and that the investigator feels comfortable using, having checked that they work correctly.

Once acquired, it is necessary to proceed to the next phase, that of analysis. For the analysis of this memory there are several software programs focused on this type of research, with Volatility being perhaps the best known tool. Volatility is an open source forensic tool for incident response and malware analysis. It is written in Python and is compatible with Microsoft Windows, Mac OS X and Linux. The tool contains a number of commands that allow the investigator to trawl through the data stored in memory looking for possible anomalies. It is possible to collect information about various elements, such as scanning the open ports and the list of connections, searching the history of executed commands, displaying information about devices, viewing information about the different processes, and so on.
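As an added example (not part of the original post and not Volatility's own code), the Python script below applies two common checks to the kind of process listing that Volatility's `windows.pslist` and `windows.psscan` plugins produce: it compares the parent of each core Windows process against a short expected-parent baseline, and it reports processes that the pool scan finds but the linked process list does not. The rows, PIDs and image names are constructed for the example, and the column layout is a simplified three-column subset (PID, PPID, ImageFileName); in a real investigation the plugin output would be fed into `parse_listing` instead.

```python
"""Anomaly checks over Volatility-style process listings (added example)."""
from __future__ import annotations

from dataclasses import dataclass

# Constructed rows in the spirit of Volatility 3's windows.pslist output,
# reduced to PID, PPID and ImageFileName. Nothing here comes from a real image.
PSLIST_SAMPLE = """\
4\t0\tSystem
368\t4\tsmss.exe
480\t368\tcsrss.exe
540\t368\twininit.exe
600\t540\tservices.exe
612\t540\tlsass.exe
720\t600\tsvchost.exe
1984\t1732\texplorer.exe
2310\t1984\tnotepad.exe
2480\t2310\tsvchost.exe
"""

# The constructed psscan listing carries one process that pslist does not show.
PSSCAN_SAMPLE = PSLIST_SAMPLE + "2900\t1984\tupdater.exe\n"


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str


def parse_listing(text: str) -> list[Proc]:
    """Parse tab-separated PID/PPID/ImageFileName rows, skipping blank lines."""
    procs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, ppid, name = line.split("\t")[:3]
        procs.append(Proc(int(pid), int(ppid), name.lower()))
    return procs


# Expected parent image names for core Windows processes. This is a small
# hand-written baseline for the example, not an exhaustive reference.
EXPECTED_PARENT = {
    "smss.exe": {"system"},
    "csrss.exe": {"smss.exe"},
    "wininit.exe": {"smss.exe"},
    "services.exe": {"wininit.exe"},
    "lsass.exe": {"wininit.exe"},
    "svchost.exe": {"services.exe"},
}


def parent_anomalies(procs: list[Proc]) -> list[tuple[Proc, str]]:
    """Return (process, parent_name) pairs whose parent is not the expected one.

    A parent PID absent from the listing is reported as '<missing>'.
    """
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        expected = EXPECTED_PARENT.get(p.name)
        if expected is None:
            continue  # no baseline for this image name
        parent = by_pid.get(p.ppid)
        parent_name = parent.name if parent else "<missing>"
        if parent_name not in expected:
            findings.append((p, parent_name))
    return findings


def hidden_processes(pslist: list[Proc], psscan: list[Proc]) -> list[Proc]:
    """Processes found by pool scanning but absent from the linked list.

    A process present in psscan and missing from pslist is a classic indicator
    of an unlinked (hidden) or recently terminated process worth a closer look.
    """
    listed = {(p.pid, p.name) for p in pslist}
    return [p for p in psscan if (p.pid, p.name) not in listed]


if __name__ == "__main__":
    pslist = parse_listing(PSLIST_SAMPLE)
    psscan = parse_listing(PSSCAN_SAMPLE)
    for proc, parent in parent_anomalies(pslist):
        print(f"unexpected parent: {proc.name} (pid {proc.pid}) <- {parent}")
    for proc in hidden_processes(pslist, psscan):
        print(f"in psscan but not pslist: {proc.name} (pid {proc.pid})")
```

Run against a real image, the listings would come from `vol -f image.raw windows.pslist` and `vol -f image.raw windows.psscan`; the baseline table is intentionally short and should be extended and tuned to the environment before being relied on, since a mismatch is a lead to investigate rather than proof of compromise.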