Digital Forensic Scientist

less than 1 minute read

Today we are talking about 'Robust bootstrapping memory analysis against anti-forensics' by Lee Kyoungho, Hwang Hyunuk, Kim Kibom and Noh BongNam. This paper deals with anti-forensics techniques against memory analysis, as well as using KiInitialPCR as a more tamper-resistant data structure for OS fingerprinting and process list extraction.

K. Lee, H. Hwang, K. Kim, and B. Noh, “Robust bootstrapping memory analysis against anti-forensics,” Digit. Investig., vol. 18, Supplement, pp. S23–S32, Aug. 2016.

Science Direct: http://www.sciencedirect.com/science/article/pii/S1742287616300408
DFRWS Archive: https://www.dfrws.org/file/712/download?token=sWs0HHYB




You may also enjoy

iLEAPP and RLEAPP updates and dev thoughts

Alex (@kviddy) has been pushing some extremely useful updates to the open-source Android forensic tool - [ALEAPP](https://github.com/abrignoni/ALEAPP]. Speci...

What data can you find in RAM?

To determine if you need to collect Random Access Memory on-scene, it is useful to know what kinda of investigation-relevant data is often available in RAM.

Modular artifact scripts coming to iLEAPP

kviddy has been pushing some great core updates to ALEAPP. Specifically, artifact scripts are now self-contained. This means that script authors no longer ne...