Physical Sciences and Mathematics Commons^™

Forensic Analysis Of Linux Physical Memory: Extraction And Resumption Of Running Processes., Ernest D. Mougoue

Masters Theses, 2010-2019

Traditional digital forensics’ procedures to recover and analyze digital data were focused on media-type storage devices like hard drives, hoping to acquire evidence or traces of malicious behavior in stored files. Usually, investigators would image the data and explore it in a somewhat “safe” environment; this is meant to reduce as much as possible the amount of loss and corruption that might occur when analysis tools are used. Unfortunately, techniques developed by intruders to attack machines without leaving files on the disks and the ever dramatically increasing size of hard drives make the discovery of evidence difficult. These increased interest …