Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Full-Text Articles in Physical Sciences and Mathematics
Finding Forensic Evidence In The Operating System's Graphical User Interface, Edward X. Wilson Mr.
LSU Master's Theses
A branch of cyber security known as memory forensics focuses on extracting meaningful evidence from system memory. This analysis is often referred to as volatile memory analysis, and is generally performed on memory captures acquired from target systems. Inside of a memory capture is the complete state of a system under investigation, including the contents of currently running as well as previously executed applications. Analysis of this data can reveal a significant amount of activity that occurred on a system since the last reboot. For this research, the Windows operating system is targeted. In particular, the graphical user interface component …
Improving Kernel Artifact Extraction In Linux Memory Samples Using The Slub Allocator, Daniel A. Donze
LSU Master's Theses
Memory forensics allows an investigator to analyze the volatile memory (RAM) of a computer, providing a view into the system state of the machine as it was running. Examples of items found in memory samples that are of interest to investigators are kernel data structures which can represent processes, files, and sockets. The SLUB allocator is the default small-request memory allocator for modern Linux systems. SLUB allocates “slabs”, which are contiguous sections of pre-allocated memory that are used to efficiently service allocation requests. The predecessor to SLUB, the SLAB allocator, tracked every slab it allocated, allowing extraction of allocated slabs …
Memory Forensics Comparison Of Apple M1 And Intel Architecture Using Volatility Framework, Joshua Duke
LSU Master's Theses
Memory forensics allows an investigator to get a full picture of what is occurring on-device at the time that a memory sample is captured and is frequently used to detect and analyze malware. Malicious attacks have evolved from living on disk to having persistence mechanisms in the volatile memory (RAM) of a device and the information that is captured in memory samples contains crucial information for full forensic analysis by cybersecurity professionals. Recently, Apple unveiled computers containing a custom designed system on a chip (SoC) called the M1 that is based on ARM architecture. Our research focused on the differences …