
Sherlock Recovering the Volatile Data


In this blog, we learn how to recover data from RAM (volatile memory). This is part of the dead analysis phase of a digital forensic investigation.




Constable Clark: Mr. Sherlock! We have a case for you. A company has reported a data theft case where confidential data of the company was compromised. We have already identified some of the suspects by analysing the company's logs. The Chief of Police wants you to look into the case.





Sherlock: Watson, let's visit the company, create an image of the RAM and analyse the data.

Software required to create the image of RAM: FTK Imager.

Step 1: Install FTK Imager on the victim's computer.

Step 2: Open FTK Imager and click on Capture Memory.

Step 3: Browse to the location where the dump file should be saved, then click Capture Memory.


Watson: Sherlock, all the files are backed up onto the hard drive.

Sherlock: Let's analyse them in the forensics workstation.

Workstation requirements:
Kali Linux with Volatility installed.

To install Volatility: sudo apt-get install volatility

Sherlock: Watson, let's recover the data and find the processes performed.

Here the file name is Win7memdump.mem.

Step 1: Open a terminal in the workstation and identify the profile of the image:
                        volatility -f filename imageinfo

Step 2: Now, in place of operatingsystem, enter one of the profiles suggested by imageinfo and list the processes:
                    volatility -f filename --profile=operatingsystem pslist

Step 3: To get a detailed analysis of the data (the registry hives held in memory), enter the command
                volatility -f filename --profile=operatingsystem hivelist


Step 4: By analysing the suspect's system RAM, we can come to a conclusion.
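As an added example (not code from the original post), here is a small Python triage script for the Volatility 2 steps above: it pulls the suggested profile out of imageinfo output, builds the pslist and hivelist command lines, parses the pslist table, and checks the core Windows processes against the parents they normally have. The sample outputs embedded in it are constructed to resemble Volatility 2.6 output for Win7memdump.mem; the profile names, offsets, PIDs and timestamps are illustrative, and the /cases/ path and EXPECTED_PARENT table are assumptions of the example.

```python
"""Triage helpers for Volatility 2 text output (added example; not from the original post).

The sample outputs below are constructed to look like Volatility 2.6 'imageinfo' and
'pslist' output for the dump named in the post; all offsets, PIDs and times are illustrative.
"""
import re
import shlex

SAMPLE_IMAGEINFO = """\
Volatility Foundation Volatility Framework 2.6
INFO    : volatility.debug    : Determining profile based on KDBG search...
          Suggested Profile(s) : Win7SP1x64, Win7SP0x64, Win2008R2SP0x64, Win2008R2SP1x64_23418, Win2008R2SP1x64, Win7SP1x64_23418
                     AS Layer1 : WindowsAMD64PagedMemory (Kernel AS)
                     AS Layer2 : FileAddressSpace (/cases/Win7memdump.mem)
           Image date and time : 2020-05-10 12:30:00 UTC+0000
"""

# Constructed pslist output: lsass.exe's parent is deliberately wrong, notepad.exe has exited.
SAMPLE_PSLIST = """\
Volatility Foundation Volatility Framework 2.6
Offset(V)          Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start                          Exit
------------------ -------------------- ------ ------ ------ -------- ------ ------ ------------------------------ ------------------------------
0xfffffa80018c2b30 System                    4      0     84      511 ------      0 2020-05-10 12:00:01 UTC+0000
0xfffffa8002a0c060 smss.exe                272      4      2       29 ------      0 2020-05-10 12:00:01 UTC+0000
0xfffffa8002b1b4d0 csrss.exe               352    344      9      438      0      0 2020-05-10 12:00:03 UTC+0000
0xfffffa8002b4a060 wininit.exe             388    344      3       75      0      0 2020-05-10 12:00:03 UTC+0000
0xfffffa8002bd2b30 services.exe            476    388      7      213      0      0 2020-05-10 12:00:04 UTC+0000
0xfffffa8002be0b30 lsass.exe               484   1204      6      560      0      0 2020-05-10 12:00:04 UTC+0000
0xfffffa8002f1e060 explorer.exe           1204   1180     21      715      1      0 2020-05-10 12:01:10 UTC+0000
0xfffffa8003052b30 notepad.exe            1980   1204      0 --------      1      0 2020-05-10 12:05:44 UTC+0000 2020-05-10 12:06:02 UTC+0000
"""

# Expected parent of each core Windows process (the usual "know normal" triage baseline).
EXPECTED_PARENT = {
    "smss.exe": "System",
    "csrss.exe": "smss.exe",
    "wininit.exe": "smss.exe",
    "services.exe": "wininit.exe",
    "lsass.exe": "wininit.exe",
}

def suggested_profiles(imageinfo_text):
    """Return the profiles named on the 'Suggested Profile(s)' line, in the order given."""
    match = re.search(r"Suggested Profile\(s\)\s*:\s*(.+)", imageinfo_text)
    if not match:
        return []
    return [p.strip() for p in match.group(1).split(",") if p.strip()]

def build_commands(dump_path, profile, plugins=("pslist", "hivelist")):
    """Build the follow-up command lines from the post with the chosen profile filled in."""
    return [f"volatility -f {shlex.quote(dump_path)} --profile={profile} {plugin}"
            for plugin in plugins]

def _int_or_none(token):
    # Volatility prints dashes where a count does not apply (e.g. handles of an exited process).
    return None if token.startswith("-") else int(token)

def parse_pslist(pslist_text):
    """Turn pslist's fixed-width table into a list of dicts, one per process."""
    rows = []
    for line in pslist_text.splitlines():
        if not line.startswith("0x"):
            continue  # skip banner, header and separator lines
        parts = line.split()  # image names contain no spaces, so whitespace split is safe
        rows.append({
            "offset": parts[0],
            "name": parts[1],
            "pid": int(parts[2]),
            "ppid": int(parts[3]),
            "threads": int(parts[4]),
            "handles": _int_or_none(parts[5]),
            "session": _int_or_none(parts[6]),
            "wow64": parts[7] == "1",
            "start": " ".join(parts[8:11]),
            "exit": " ".join(parts[11:14]) or None,  # empty while the process is still running
        })
    return rows

def check_parents(rows):
    """Report core processes whose parent is absent from pslist or is not the expected one."""
    by_pid = {row["pid"]: row for row in rows}
    findings = []
    for row in rows:
        expected = EXPECTED_PARENT.get(row["name"])
        if expected is None:
            continue
        parent = by_pid.get(row["ppid"])
        actual = parent["name"] if parent else None
        if actual != expected:
            findings.append({"name": row["name"], "pid": row["pid"], "ppid": row["ppid"],
                             "expected": expected, "actual": actual})
    return findings

if __name__ == "__main__":
    profile = suggested_profiles(SAMPLE_IMAGEINFO)[0]
    for cmd in build_commands("Win7memdump.mem", profile):
        print(cmd)
    for f in check_parents(parse_pslist(SAMPLE_PSLIST)):
        print(f"{f['name']} (PID {f['pid']}): parent is {f['actual'] or 'not in pslist'}, expected {f['expected']}")
```

To use it on a real dump, replace the two sample strings with the captured output of the imageinfo and pslist commands. Two of the three findings it reports for the sample are normal on Windows 7: csrss.exe and wininit.exe are started by a second smss.exe instance that exits right away, so their parent is not in pslist. The third, lsass.exe parented by explorer.exe, is the kind of mismatch that deserves a closer look with the other Volatility plugins.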



Watson: Sherlock, look at this: someone opened the server drives.

Sherlock: Send this message to the chief.


Outcome of the blog: In this blog, we learnt how to analyse and recover the contents of RAM using Volatility.





To be Continued .....

 







