Title :
Simplifying RAM Forensics: A GUI and Extensions for the Volatility Framework
Author :
Logen, Steffen ; Höfken, Hans ; Schuba, Marko
Author_Institution :
Fac. of Electr. Eng. & Inf. Technol., Aachen Univ. of Appl. Sci., Aachen, Germany
Abstract :
The Volatility Framework is a collection of tools for the analysis of computer RAM. The framework offers a multitude of analysis options and is used by many investigators worldwide. Volatility currently comes with a command line interface only, which might be a hinderer for some investigators to use the tool. In this paper we present a GUI and extensions for the Volatility Framework, which on the one hand simplify the usage of the tool and on the other hand offer additional functionality like storage of results in a database, shortcuts for long Volatility Framework command sequences, and entirely new commands based on correlation of data stored in the database.
Keywords :
computer forensics; graphical user interfaces; random-access storage; storage management; GUI; RAM forensics; command line interface; graphical user interface; volatile memory; volatility framework; Correlation; Data mining; Databases; Graphical user interfaces; Loading; Random access memory; Usability; GUI; RAM forensics; Volatility Framework; correlation of data; digital forensics;
Conference_Titel :
Availability, Reliability and Security (ARES), 2012 Seventh International Conference on
Conference_Location :
Prague
Print_ISBN :
978-1-4673-2244-7
DOI :
10.1109/ARES.2012.12
