DocumentCode :
617746
Title :
Tools for collecting volatile data: A survey study
Author :
Carvajal, Laura ; Varol, Cihan ; Lei Chen
Author_Institution :
Dept. of Comput. Sci., Sam Houston State Univ., Huntsville, TX, USA
fYear :
2013
fDate :
9-11 May 2013
Firstpage :
318
Lastpage :
322
Abstract :
Volatile information is a critical element of a digital investigation, and commercial and open source tools increasingly differ in the options they offer for collecting it. This paper compares six forensic tools: FTK Imager, ProDiscover, Win32dd, Nigilant32, Memoryze, and Helix3 (dd). Each tool is evaluated on the following capabilities: user interface, reporting, processing time, training, and the fingerprints or artifacts it leaves on the target system. We observed that when time is the concern, command line tools such as Win32dd and Memoryze acquire physical memory contents faster than graphical user interface tools such as FTK Imager, ProDiscover, Nigilant32, and Helix3. In addition, Win32dd leaves the smallest footprint, occupying 13.55 MB of memory when loaded, whereas FTK Imager leaves the largest, at 155 MB of RAM.
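The two measurable criteria in the abstract, acquisition time and the memory footprint the tool itself introduces on the target, can be reproduced with a small harness. The following PowerShell script is an added example and is not code from the paper: it launches an acquisition tool, samples its working set and private bytes until it exits, and reports elapsed time alongside the peak values. The tool path, its arguments, and the output location are assumptions to be replaced with the tool under test.

```powershell
# Added example (not from the paper): time a memory acquisition tool and
# record the peak memory its user-mode process occupies while it runs.
# $ToolPath and $ToolArgs are assumptions; point them at the tool under test.
# Run from an elevated prompt, since acquisition tools need administrator rights.
param(
    [string]$ToolPath   = 'C:\Tools\win32dd.exe',          # assumed location
    [string[]]$ToolArgs = @('/f', 'D:\evidence\mem.raw'),  # assumed arguments
    [int]$SampleMs      = 200                              # polling interval
)

function Measure-AcquisitionTool {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Arguments = @(),
        [int]$IntervalMs = 200
    )

    $sw   = [System.Diagnostics.Stopwatch]::StartNew()
    $proc = Start-Process -FilePath $Path -ArgumentList $Arguments -PassThru -NoNewWindow
    # Touch the handle once so .ExitCode is still readable after the process exits.
    $null = $proc.Handle

    $peakWorkingSet = 0L
    $peakPrivate    = 0L
    $samples        = 0

    while (-not $proc.HasExited) {
        $proc.Refresh()
        if ($proc.WorkingSet64 -gt $peakWorkingSet)       { $peakWorkingSet = $proc.WorkingSet64 }
        if ($proc.PrivateMemorySize64 -gt $peakPrivate)   { $peakPrivate    = $proc.PrivateMemorySize64 }
        $samples++
        Start-Sleep -Milliseconds $IntervalMs
    }
    $sw.Stop()

    [pscustomobject]@{
        Tool          = [System.IO.Path]::GetFileName($Path)
        ExitCode      = $proc.ExitCode
        ElapsedSec    = [math]::Round($sw.Elapsed.TotalSeconds, 2)
        PeakWorkingMB = [math]::Round($peakWorkingSet / 1MB, 2)
        PeakPrivateMB = [math]::Round($peakPrivate / 1MB, 2)
        Samples       = $samples
    }
}

# Usage: run once per tool on the same machine and collect the rows into one table.
Measure-AcquisitionTool -Path $ToolPath -Arguments $ToolArgs -IntervalMs $SampleMs |
    Format-Table -AutoSize
```

Two caveats when comparing the numbers with the paper's figures. The working set counts only the tool's user-mode process; a tool that loads a kernel driver to read physical memory also consumes paged and nonpaged pool that this harness does not see. And the harness itself (PowerShell plus the polling loop) occupies memory on the target, so the measured footprint is an upper bound on what the acquisition tool alone would overwrite.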
Keywords :
digital forensics; graphical user interfaces; public domain software; FTK Imager; Helix3; Memoryze; Nigilant32; Pro Discover; Win32dd; artifacts; command line forensic tools; commercial tools; digital investigation; graphical user interface tools; leaving fingerprints; open source tools; physical memory contents; processing time; reporting; training; volatile data collection; volatile information; Forensics; Graphical user interfaces; Random access memory; Software; Training; forensic tools; memory acquisition; volatile data;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Technological Advances in Electrical, Electronics and Computer Engineering (TAEECE), 2013 International Conference on
Conference_Location :
Konya
Print_ISBN :
978-1-4673-5612-1
Type :
conf
DOI :
10.1109/TAEECE.2013.6557293
Filename :
6557293