AUMFOR: Automated Memory Forensics for Malware Analysis

Abstract

Day by day cyber crimes and attacks are growing exponentially, every year companies in worldwide lose billions of dollars due to cyber attacks. It has became very essential to investigate and indentify root of cyber attack. One of the popular techniques of investigating is Memory Forensics, which refers to analysis of volatile data in computer’s memory dump. Investigators conduct necessary memory forensics to investigate and identify attacks or malicious behaviours that do not leave easily detectable tracks on hard drive data. There are varieties of tools available for RAM analysis including Volatility, which currently dominates open source RAM forensic tools. However, use of volatility requires knowledge of command line tool and dynamic as well as static malware analysis; it becomes very complex and tedious process. The work mentioned in document is aimed to help forensic investigators and researchers by providing GUI based Tool for Automated Memory Forensics (AUMFOR). AUMFOR do perform all complex and tedious work automatically, it also analyzes and gives final accurate reports about possibilities of use of malware in committing a crime.