Skip to main content

Sherlock Recovering the Volatile Data


In this blog, we learn how to recover the data for RAM memory. This the part of the dead analysis of the digital forensic investigation.




Constable Clark:  Mr.Sherlock!! We had a case for you, A Company had reported a data theft case where confidential data of the company is compromised. We already identified some of the suspects by analysing the companies logs. Chief of police wants you to look into the case.





Sherlock: Watson lets visit the company and create an image of RAM and let's analyse the data. 

Software required to create the image of RAM: FTK Imager.

Step 1: Install, FTK Imager in victim computer.

Step 2: Open FTK Imager and Click on capture the memory. 


Step 3: Browse the location for the location to save the dump file, then click capture memory.


Watson: Sherlock, All the files are backed up into the hard drive.

Sherlock: Lets, Analyze them in the Forensics workstation.

Workstation requirements:
Kail Linux , Volatility installed in it.

To install Volatility , sudo apt-get install volatility.

Sherlock: Watson lets recover the data and find the process performed.

Here the file name is Win7memdump.mem

Step 1: Open terminal in workstation
                        volatility -f filename imageinfo 

Step 2: Now at the place of operating system enter the suggested profiles
                    volatility -f filename --profile=operatingsystem pslist

Step 3: To get a detailed analysis of the data, enter the command 
                volatility -f filename –-profile=operatingsystem hivelist


Step 4: By the analyses of suscepts system RAM we can come to a conclusion.



Watson: SherlockLook at this some opened the sever drives.

Sherlock: Send this message to the chief.


Outcome of the blog: In this blog, we learnt how to analyse and recover RAM by volatility.





To be Continued .....

 








Comments

Post a Comment

Popular posts from this blog

Can Blockchain be the Iron Man of Data Security?

  Recent incident in Cyber Space shown that how vulnerable the data is and how important data security is to the user or an organization. There are various mechanisms out in the market in terms of data protection. What may be the reason for Data Thefts and Loss of Data Privacy? Lack of privacy towards the system is becoming more vulnerable to data thefts. For example, using weak passwords and lack of application regarding Cryptography. Cyber Criminals are finding the vulnerabilities in the system like Thanos finding the Infinity stones. Blockchain is the Iron Man of the Data Security. Blockchain Architecture will help reduce data theft and data tempering. What is Blockchain? Blockchain is growing list of records called blocks which are cryptographically hashed with pervious block. Blockchain follows the Merkle tree Data Structure Merkle Tree : In  cryptography  and  computer science , a hash tree or Merkle tree is a  tree  ...
1 comment
Read more

Cyber Kurukshetra – An inspiration from the Mahabharata.

  The Mahabharata is an ancient Indian epic where the main story revolves around two branches of a family - the Pandavas and Kauravas - who, in the Kurukshetra War, battle for the throne of Hastinapura. At 100,000 verses, it is the longest epic poem ever written, generally thought to have been composed in the 4th century BCE or earlier. The Mahabharata is written by the Ved Vyas Maharshi. Mahabharata teaches the way of living for a human being. As an inspiration, we can interlink Mahabharata to Cyber Space or Cyber World and take valuable life lessons. We can grab some quick lessons from Mahabharata that will help one in their Cyber Space to stay safe and secured from Cyberattacks. So, this blog will be helping one to stay safe and secure in the Cyberspace. Ashwathama hatha narova kunjarova Explanation: It means  Ashwathama  is dead. And kunjaraha means elephant. But this was used as a ploy to kill  Ashwathama's  father,  Dronacharya . Yudhisthir is kn...
3 comments
Read more

Sherlock says “A World with the Internet is Unsafe”

  Once a journalist in Baker street interviewed Mr Sherlock Holmes about a cybercrime happening in the Cyberspace. Disclaimer : This article is about privacy and security measure that needs to be taken in   cyberspace Journalist: Hello Sir, I am a Steve working as journalist and I have few queries about the cybercrime happening nowadays and the reasons behind it. Sherlock: A world with the internet is unsafe, the technologies and applications that we use are often not secure and our data might not be safe. Journalist: Sir, can you explain briefly? Sherlock: We download applications, files, music etc from different sites. This may trigger a Malware. This Malware acts as Spyware. Through this malware, we will have full access to the entire mobile such as a camera, microphone, messages, contacts and logs. Malware will also be able to gain access to content-sensitive information such as OTPs, bank details and these confidential details will help hackers gain access to the b...
Post a Comment
Read more