Systematic Memory Forensic Analysis of Ransomware using Digital Forensic Tools

Paul Joseph (Vellore Institute of Technology, India) and Jasmine Norman (Vellore Institute of Technology, India)
Copyright: © 2020 | Pages: 21
DOI: 10.4018/IJNCR.2020040105


Cybercrime caused catastrophic financial loss in 2018, as powerful obfuscated malware known as ransomware remained a persistent threat to governments and organizations. Advanced malware capable of encrypting systems with sophisticated, obscure keys left organizations paying the ransom that hackers demand. Since every individual is vulnerable to this assault, cyber forensics plays a vital role either in educating society or in combating the attacks. Cyber forensics is classified into many subdomains, and memory forensics is the one that leads in curbing these types of attacks. This article gives insight into the importance of memory forensics, provides a wide-ranging analysis of how ransomware works, identifies its workflow, and provides ways to overcome this attack. Furthermore, this article implements user-defined rules by integrating them into the powerful search tool known as YARA to detect and prevent ransomware attacks.
Article Preview

Importance Of Memory Forensics

RAM contains a great deal of information that is very useful to forensics professionals. Memory forensics provides unprecedented visibility into the runtime state of the system, which consists of the following:

  1. Running processes at the time of acquisition

This is useful for examiners to understand which files were running at that time. Suspicious processes and suspicious applications can sometimes be found. However, concealed malware and rootkits cannot be discovered this way.

  2. Network Configuration
