Computer Security, Forensics and Ethical Hacking
Discussion Forum: Forensics Investigation
Advantage of Memory Forensics compared to a Traditional forensics investigation Method
Memory Forensics: It is a method of numerical analysis that is used to collect volatile components of evidence in real time. it's a procedure taking place in real time, which captures the memory dump, sorts and analyzes the information on system.
Advantages of Memory Forensics are-
. Study a system’s
configuration while it is running
. Identify in the system, what is happening in the memory and on the hard drive
.Trace the profile of the user or pirate, according to the activities
. It collects evidence that can't be found otherwise or which could disappear during a reboot
. Identify the rootkit
.Traditional Forensics, which requires bit-by-bit copying of data from a hard disk and memory, less effective.
. Attackers continually develop new ways of accessing IT systems more and more sophisticated malware and the injection of code directly into the RAM, Analyzing a hard disk by the traditional forensic method does not reveal malicious code