Live Memory Forensic Analysis

The live memory image acquired in live forensics is always view in terms of integrity and reliability when presented as evidence. In this work, I describe how evidence like live memory obtained from physical memory image (RAM) and trustworthiness of evidence is studied. The evidence in live memory image can be taken as how accurately the memory image of RAM shows the real memory of the target machine. Based on a live memory analysis, investigator can test memory acquisition tool and after that live memory image is analyzed. Then, I describe the part of live memory analysis in the digital cyber forensics process and its use to address many challenges of the digital forensic investigation. In this work, I provide a method to overcome these problems. I highlight at some of the existing methods to live memory analysis. This work is done using acquisition and analysis tools.
DOI: 10.17762/ijritcc2321-8169.150559