
Sherlock Recovering the Volatile Data


In this blog, we learn how to capture and recover data from RAM memory. This is part of the dead analysis of a digital forensic investigation.




Constable Clark: Mr. Sherlock! We have a case for you. A company has reported a data theft case where confidential data of the company was compromised. We have already identified some of the suspects by analysing the company's logs. The Chief of Police wants you to look into the case.





Sherlock: Watson, let's visit the company, create an image of the RAM and analyse the data.

Software required to create the image of RAM: FTK Imager.

Step 1: Install FTK Imager on the victim computer.

Step 2: Open FTK Imager and click on Capture Memory.

Step 3: Browse to the location where the dump file should be saved, then click Capture Memory.


Watson: Sherlock, all the files are backed up onto the hard drive.

Sherlock: Let's analyse them in the forensics workstation.

Workstation requirements:
Kali Linux with Volatility installed on it.

To install Volatility: sudo apt-get install volatility

Sherlock: Watson, let's recover the data and find the processes that were run.

Here the file name of the memory dump is Win7memdump.mem.

Step 1: Open a terminal in the workstation and identify the operating system of the dump (filename is the dump file, here Win7memdump.mem):
    volatility -f filename imageinfo

Step 2: In place of operatingsystem, enter one of the profiles that imageinfo suggested, then list the processes that were running:
    volatility -f filename --profile=operatingsystem pslist

Step 3: To get a more detailed analysis of the data (the registry hives held in memory), enter the command:
    volatility -f filename --profile=operatingsystem hivelist
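The three steps above can be chained so the profile is taken from the imageinfo output instead of being copied by hand. The script below is an added example, not part of the original blog: it assumes the Volatility 2 command line used in the post, the imageinfo text it parses is a constructed sample, and the /cases path is hypothetical. It also records a SHA-256 hash of the dump before any plugin runs, so later findings can be tied to an unmodified image.

```shell
#!/bin/sh
# Added example (not from the original blog): automate the post's Volatility 2
# workflow. Parse the "Suggested Profile(s)" line printed by imageinfo, then run
# pslist and hivelist with that profile and save each result next to the dump.
# The imageinfo text below is a constructed sample; /cases is a hypothetical path.

SAMPLE_IMAGEINFO='Volatility Foundation Volatility Framework 2.6
INFO    : volatility.debug    : Determining profile based on KDBG search...
          Suggested Profile(s) : Win7SP1x64, Win7SP0x64, Win2008R2SP0x64
                     AS Layer1 : WindowsAMD64PagedMemory (Kernel AS)
                     AS Layer2 : FileAddressSpace (/cases/Win7memdump.mem)
                      PAE type : No PAE
                           DTB : 0x187000L'

# suggested_profile: reads imageinfo output on stdin and prints the first
# profile named on the "Suggested Profile(s)" line (the best match is listed
# first). Prints nothing if that line is absent.
suggested_profile() {
    sed -n 's/.*Suggested Profile(s) : *\([^,]*\).*/\1/p' | head -n 1
}

# output_name DUMP PLUGIN: result file for a plugin, e.g.
# /cases/Win7memdump.mem + pslist -> /cases/Win7memdump_pslist.txt
output_name() {
    printf '%s_%s.txt\n' "${1%.*}" "$2"
}

# analyze_dump DUMP: hash the dump, detect the profile, then run the plugins
# from the post (pslist, hivelist), one output file per plugin.
analyze_dump() {
    dump="$1"
    [ -f "$dump" ] || { echo "no such dump: $dump" >&2; return 1; }
    command -v volatility >/dev/null 2>&1 || { echo "volatility is not installed" >&2; return 1; }
    # Hash before analysis so the image can be shown to be unmodified later.
    sha256sum "$dump" > "$dump.sha256"
    profile=$(volatility -f "$dump" imageinfo 2>/dev/null | suggested_profile)
    [ -n "$profile" ] || { echo "imageinfo suggested no profile for $dump" >&2; return 1; }
    for plugin in pslist hivelist; do
        volatility -f "$dump" --profile="$profile" "$plugin" > "$(output_name "$dump" "$plugin")"
    done
}

# Demo on the constructed sample; the real analysis only runs when a dump path is given.
printf '%s\n' "$SAMPLE_IMAGEINFO" | suggested_profile    # prints Win7SP1x64
if [ -n "${1:-}" ]; then
    analyze_dump "$1"
fi
```

Run it as `sh analyze.sh /cases/Win7memdump.mem` on the workstation; with no argument it only parses the constructed sample. If imageinfo lists several profiles, the script picks the first one, which is the same choice the post makes by hand; if pslist output looks wrong, rerun with the next profile in the list.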


Step 4: By analysing the suspect's system RAM we can come to a conclusion.



Watson: Sherlock, look at this: someone opened the server drives.

Sherlock: Send this message to the chief.


Outcome of the blog: In this blog, we learnt how to analyse and recover RAM with Volatility.





To be Continued .....
