Volatools : Integrating Volatile Memory Forensics into the Digital Investigation Process

  title={Volatools : Integrating Volatile Memory Forensics into the Digital Investigation Process},
  author={Aaron Walters and Nick L. Petroni},
In this work, we demonstrate the integral role of volatile memory analysis in the digital investigation process and how that analysis can be used to help address many of the challenges facing the digital forensics community. We also provide a look at some of the shortcomings of existing approaches to live response. Finally, we provide the technical details for extracting in-memory cryptographic keying material from a popular disk encryption application without knowledge of the password. 
Highly Influential
This paper has highly influenced 12 other papers. REVIEW HIGHLY INFLUENTIAL CITATIONS
Highly Cited
This paper has 90 citations. REVIEW CITATIONS


Publications citing this paper.
Showing 1-10 of 58 extracted citations

Visualizing Indicators of Rootkit Infections in Memory Forensics

2013 Seventh International Conference on IT Security Incident Management and IT Forensics • 2013
View 5 Excerpts
Highly Influenced

Capturing encryption keys for digital analysis

Proceedings of the 6th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems • 2011
View 4 Excerpts
Highly Influenced

Robust signatures for kernel data structures

ACM Conference on Computer and Communications Security • 2009
View 7 Excerpts
Highly Influenced

Recovery of Encryption Keys from Memory Using a Linear Scan

2008 Third International Conference on Availability, Reliability and Security • 2008
View 6 Excerpts
Highly Influenced

91 Citations

Citations per Year
Semantic Scholar estimates that this publication has 91 citations based on the available data.

See our FAQ for additional information.


Publications referenced by this paper.
Showing 1-10 of 38 references

Searching for processes and threads in Microsoft Windows memory dumps

Digital Investigation • 2006
View 4 Excerpts
Highly Influenced

Windows Incident Response

Harlan Carvey
Available at: http://windowsir.blogspot.com • 2006
View 4 Excerpts
Highly Influenced

Beyond The CPU: Cheating Hardware Based RAM Forensics

Joanna Rutkowska
View 1 Excerpt

Forensic Analysis of Open Source Disk Encryption Tools

Ronald Weiss
DoD Cyber Crime Conference • 2007
View 2 Excerpts

Windows Forensic Toolchest

Monty McDougal
Available at: http://www.foolmoon.net/security/wft/ • 2007
View 1 Excerpt

Windows Vista Forensic Jumpstart Part I and Part II , January 2007

Jim Moeller
DoD Cyber Crime Conference • 2007

Challenges in Digital Forensics

Ted Lindsey
Proceedings of the 2006 Digital Forensic Research Workshop (DFRWS) • 2006
View 1 Excerpt

Similar Papers

Loading similar papers…