This is a draft presentation of a video lesson taken from the course "Digital forensics with Kali Linux" published by Packt Publishing in May 2017: https://www.packtpub.com/networking-and-servers/digital-forensics-kali-linux
This presentation introduces memory forensics and recalls the most important concepts of virtual memory and paging.
Introduction to memory forensics
1. Digital forensics with Kali Linux
Marco Alamanni
Section 6
Memory forensics
www.packtpub.com
2. In this Section, we are going to take a look at…
• Introduction to virtual memory.
• Acquiring a RAM image.
• Analyzing a memory image with the Volatility framework.
4. In this Video, we are going to take a look at…
• Virtual memory management and paging.
• Introduction to memory forensics.
5. Introduction to memory forensics
• Memory forensics is the process of acquiring and analyzing the main memory of a system.
• It is very important in the live response process, when investigating an intrusion or a malware infection.
• It allows investigators to collect and examine volatile artifacts that in some cases exist only in memory.
6. Introduction to virtual memory
• Virtual memory overcomes the limits of physical memory and maps logical (virtual) addresses to physical memory addresses.
• Virtual memory is divided into chunks called pages.
• The page table maintains the mapping between pages and the corresponding physical page frames.
7. Introduction to virtual memory
• Pages are swapped out to disk when physical memory runs short, according to a page replacement algorithm.
• A page fault is generated when a process refers to a logical address of a swapped-out page.
• The memory manager reads the page from disk and loads it back into memory.
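The translation, page fault and replacement mechanism described on slides 6 and 7, as an added toy simulator (this is not code from the course or from Packt; the 4 KiB page size, the two-frame "physical memory", the FIFO replacement policy and the sample addresses are constructed assumptions). It shows why a memory image alone can miss data: a page evicted under memory pressure lives only in the swap area until it is faulted back in.

```python
"""Toy virtual-memory simulator: page-table translation, page faults and
FIFO page replacement backed by a swap area.  Added example, not part of the
original lesson; sizes and addresses are constructed values."""

PAGE_SIZE = 4096    # 4 KiB pages (constructed, matches the common x86 default)
NUM_FRAMES = 2      # deliberately tiny physical memory so eviction happens quickly


class VirtualMemory:
    def __init__(self, num_frames=NUM_FRAMES):
        self.page_table = {}                      # page number -> frame number (resident pages only)
        self.swap = {}                            # page number -> contents written out to "disk"
        self.frame_owner = [None] * num_frames    # frame number -> page number loaded there
        self.frame_data = [bytearray(PAGE_SIZE) for _ in range(num_frames)]
        self.fifo = []                            # resident pages in load order (FIFO replacement)
        self.page_faults = 0

    def translate(self, vaddr):
        """Split a virtual address into (page number, offset) and resolve it through
        the page table.  A non-resident page raises a page fault, serviced by the
        'memory manager' before the physical address is returned."""
        page, offset = divmod(vaddr, PAGE_SIZE)
        if page not in self.page_table:
            self._page_fault(page)
        return self.page_table[page] * PAGE_SIZE + offset

    def _page_fault(self, page):
        self.page_faults += 1
        if None in self.frame_owner:
            frame = self.frame_owner.index(None)          # free frame available
        else:
            victim = self.fifo.pop(0)                      # FIFO: evict the oldest resident page
            frame = self.page_table.pop(victim)
            self.swap[victim] = bytes(self.frame_data[frame])   # write victim out to swap
        # load the faulting page from swap, or a zero-filled page if it was never used
        self.frame_data[frame][:] = self.swap.pop(page, bytes(PAGE_SIZE))
        self.frame_owner[frame] = page
        self.page_table[page] = frame
        self.fifo.append(page)

    def write(self, vaddr, data):
        for i, byte in enumerate(data):
            frame, off = divmod(self.translate(vaddr + i), PAGE_SIZE)
            self.frame_data[frame][off] = byte

    def read(self, vaddr, n):
        out = bytearray()
        for i in range(n):
            frame, off = divmod(self.translate(vaddr + i), PAGE_SIZE)
            out.append(self.frame_data[frame][off])
        return bytes(out)


def demo():
    """Touch three pages with only two frames: page 1 is evicted to swap, then
    faulted back in when it is read again (which in turn evicts page 2)."""
    vm = VirtualMemory()
    vm.write(0x1000, b"secret-in-page-1")   # page 1 -> frame 0
    vm.write(0x2000, b"page-2")             # page 2 -> frame 1, memory now full
    vm.write(0x3010, b"page-3")             # page 3 -> evicts page 1 to swap
    swapped_after_fill = sorted(vm.swap)    # [1]: page 1 exists only on "disk" now
    recovered = vm.read(0x1000, 16)         # page fault reloads page 1, evicting page 2
    return vm.page_faults, swapped_after_fill, recovered, sorted(vm.swap)


if __name__ == "__main__":
    faults, swapped, data, swap_now = demo()
    print(f"page faults: {faults}, swapped after fill: {swapped}, "
          f"recovered: {data!r}, in swap now: {swap_now}")
```

Between the third write and the read, the string written to page 1 is present only in `vm.swap`; a capture of `frame_data` (the analogue of a RAM image) would not contain it, which is why the page file or swap partition is collected alongside the memory image.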
8. Introduction to virtual memory
• The Windows page file is %SYSTEMDRIVE%\pagefile.sys, while Unix and Linux use the swap partition.
• The hibernation file stores the contents of RAM before the OS enters the hibernation state.
• On Windows it is located at %SYSTEMDRIVE%\hiberfil.sys, while Linux generally uses the swap partition.