Memory Forensic comparison Volatility and Autopsy
Memory Forensic comparison Volatility and Autopsy
| dc.contributor.author | Soto, Max Kaeo | |
| dc.date.accessioned | 2021-12-22T20:28:45Z | |
| dc.date.available | 2021-12-22T20:28:45Z | |
| dc.date.issued | 2021-11 | |
| dc.description | A student presentation to the Fall 2021 Student Research and Creative Works Symposium | |
| dc.description.abstract | The tools being looked at are Autopsy and Volatility. To keep the testing similar all resources will be the same this includes Virtual machine software same amount of CPU cores and Memory dedicated to the Virtual Machine. The Virtual machines that will be used to conduct tests are Kali Linux and Windows 10. Careful consideration was taking into place so that each tool was supported by each operating system. Each test will be using the same memory payload for each tool. Volatility was found not to have that much of a difference between the Kali and Windows 10 VM. Both versions of Volatility performed the same. This includes the Syntax and how you run the program. For Autopsy both versions are vastly different. The Linux version uses a web interface opposed to the Windows version. The Windows version also displays more data and can support more form of forensic evidence. Its best to use the windows version of Autopsy. And for Volatility it comes down to self-preference Kali Linux or Windows. | |
| dc.format.extent | 1 page | |
| dc.identifier.uri | http://hdl.handle.net/10790/6833 | |
| dc.language.iso | English | |
| dc.publisher | University of Hawaiʻi — West Oʻahu | |
| dc.rights | Attribution-NonCommercial-NoDerivs 3.0 United States | |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/3.0/us/ | |
| dc.title | Memory Forensic comparison Volatility and Autopsy | |
| dc.type | Presentation | |
| dc.type.dcmi | text |
Files
Original bundle
1 - 1 of 1
- Name:
- ssym-fall2021-0020.pdf
- Size:
- 521.03 KB
- Format:
- Adobe Portable Document Format
- Description: