1Research scholar, Gujarat Technological University, Gujarat
2Dean FET, Parul University Vadodara, Gujarat
3Assistant Professor, Department of Forensic Medicine & Toxicology, All India Institute of Medical Sciences, Rajkot, Gujarat
*Corresponding Author Jaydevsinh B. Vala, Research Scholar, Gujarat Technological University, Gujarat, Email: jaydev.vala@gmail.com
Online published on 18 March, 2025.
Memory forensics has emerged as a pivotal aspect of digital forensics in the cybersecurity domain, particularly in light of the increasing prevalence of fileless malware that operates exclusively within a system's RAM. This paper delves into the intricacies of memory forensics, highlighting the challenges and stages involved in the investigation process. The challenges discussed encompass the complexities of acquiring data from secure operating systems, ensuring the integrity of memory snapshots, and the inherently volatile nature of memory. The investigation stages outlined include identifying rogue processes, detecting anomalies, examining network artifacts, and conducting thorough investigations of RAM dumps. The findings underscore the critical role of memory forensics in unveiling evidence that remains elusive in traditional disk-based forensics, such as encrypted data and traces of fileless malware. The paper underscores the necessity for ongoing research and development in memory forensics to keep pace with the evolving tactics of cybercriminals and to refine the tools and techniques utilized in digital investigations. Recommendations for future research encompass the development of more sophisticated memory acquisition methods, the application of machine learning and artificial intelligence for enhanced anomaly detection, and addressing the challenges posed by anti-debugging and anti-dumping mechanisms employed by contemporary operating systems.
Artifacts, Cyber-crimes, Digital Forensics, Investigations