Publication:
Forensic Investigation Tool for Volatility Framework

dc.contributor.author: Rupasinghe, R
dc.contributor.author: Fernando, D. N
dc.date.accessioned: 2022-07-15T06:22:08Z
dc.date.available: 2022-07-15T06:22:08Z
dc.date.issued: 2022-03
dc.description.abstract: According to many research findings, volatile memory has become a more vital space used by attackers and malicious users to store data that needs to be hidden from others and to avoid reverse engineering. Since most incident response teams seldom study volatile memory and lack the knowledge and equipment needed to extract information from it, there is plenty of data to back this up. Furthermore, recently developed malicious code can remain in memory without affecting the physical disk. Therefore, security analysts must prioritize and investigate volatile memory as an important component rather than following the traditional thinking that malicious users will only look into hard disk storage. The Volatility Framework is a free and open-source set of tools for analyzing computer memory. The framework provides many options for analyzing data from different aspects through a command-line interface. This makes it complicated for forensic analysts to memorize and use the tools and plugins. This research offers a GUI and extensions for the Volatility Framework, which simplify its usage and provide a time-saving approach, as investigators do not want to memorize long command sequences. [en_US]
dc.identifier.issn: 2456-2165
dc.identifier.uri: https://rda.sliit.lk/handle/123456789/2776
dc.language.iso: en [en_US]
dc.publisher: www.ijisrt.com [en_US]
dc.relation.ispartofseries: International Journal of Innovative Science and Research Technology;Volume 7, Issue 3
dc.subject: Volatility Framework [en_US]
dc.subject: Forensic Investigation [en_US]
dc.title: Forensic Investigation Tool for Volatility Framework [en_US]
dc.type: Article [en_US]
dspace.entity.type: Publication

Files

Original bundle

Name:
IJISRT22MAR657_(1).pdf
Size:
476.77 KB
Format:
Adobe Portable Document Format

License bundle

Name:
license.txt
Size:
1.71 KB
Format:
Item-specific license agreed upon to submission