Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Edith Cowan University

Australian Digital Forensics Conference

2013

Comparison

Full-Text Articles in Physical Sciences and Mathematics

Volatile Memory Acquisition Tools – A Comparison Across Taint And Correctness, William Campbell, Dec 2013

Australian Digital Forensics Conference

The growth in volatile memory forensics has steadily increased in recent times. With this growth comes a need to test the tools associated with this practice. Although there appears to be a large amount of effort in testing static memory capture tools, there is perhaps less so for volatile memory capture. This paper describes the attempts at categorizing criteria for testing, and then introduces and extends upon a methodology proposed by Lempereur and colleagues in 2012. Four tools (Windows Memory Reader, WinPmem, FTK Imager and DumpIt) are tested against two criteria (impact and completeness). WMR and DumpIt were found to …