Winners 2017

A Volatile Memory based Forensic Tool for Retrieval of Social Media Evidence

Product Description

A significant amount of data is held in the volatile memory of a computer, and such traces can be very important evidence in a criminal case. For example, all information exchanged through a chat application has to pass through the system's volatile memory at some point. Although many applications provide end-to-end encryption, research shows that applications still write unencrypted data to RAM, which is the main premise of this application.

This product allows forensic investigators to retrieve evidence from the volatile memory of a computer. The application focuses on the recovery of social-media-related evidence, such as traces from instant messaging (IM). The tool is intended for use by digital forensics investigators.

This lets users without prior knowledge of the application easily understand and use it for volatile memory analysis. Each type of evidence retrieved is organized into tabs in a tabular format. Additionally, the application computes a SHA-512 hash of the dump file for integrity verification, so that the evidence retrieved can be shown to be valid before a legal body.
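The two mechanisms described above, an integrity hash over the dump and carving of plaintext IM traces from RAM, can be illustrated with the following added example. It is not the product's code: the sample dump, the record shapes matched by DEFAULT_PATTERNS and the function names are constructed for this illustration, and a real tool would key on each application's actual in-memory formats rather than on these placeholders.

```python
"""Volatile-memory triage illustration: hash a dump for integrity, then carve
printable ASCII and UTF-16LE runs that look like instant-messaging traces.
Added example, not the tool's code; the sample dump below is constructed."""
import hashlib
import hmac
import os
import re
import tempfile
from typing import Iterable, List, NamedTuple

CHUNK_SIZE = 1 << 20  # hash dumps in 1 MiB pieces; RAM images are often multi-GB

# Constructed sample "dump": non-printable padding around two plaintext chat fragments.
SAMPLE_DUMP = (
    b"\x00\x00\xff\x7f\x13"
    + b'{"from":"alice","msg":"meet at 5"}'       # ASCII, JSON-like IM record (hypothetical shape)
    + b"\x01\x02\x03"
    + "bob: ok, see you".encode("utf-16-le")      # wide-char string, as many Windows apps store text
    + b"\x00\x00\x9c"
    + b"ab"                                       # too short to be carved
    + b"\x00"
)


def sha512_of_bytes(data: bytes) -> str:
    return hashlib.sha512(data).hexdigest()


def sha512_of_file(path: str) -> str:
    """Stream the file so multi-gigabyte dumps are hashed without loading them whole."""
    h = hashlib.sha512()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_dump(path: str, expected_hex: str) -> bool:
    """Recompute the digest and compare it in constant time with the value recorded at acquisition."""
    return hmac.compare_digest(sha512_of_file(path).lower(), expected_hex.lower())


class Hit(NamedTuple):
    offset: int
    encoding: str
    text: str


def carve_strings(data: bytes, min_len: int = 6) -> List[Hit]:
    """Carve printable runs of at least min_len characters, ASCII and UTF-16LE, sorted by offset."""
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    hits = [Hit(m.start(), "ascii", m.group().decode("ascii")) for m in ascii_run.finditer(data)]
    hits += [Hit(m.start(), "utf-16le", m.group().decode("utf-16-le")) for m in wide_run.finditer(data)]
    return sorted(hits)


# Hypothetical IM-record shapes: a JSON "msg" key, or a "sender: text" line.
DEFAULT_PATTERNS = [r'"msg"\s*:', r"^\w+:\s"]


def find_chat_traces(hits: Iterable[Hit], patterns: Iterable[str] = DEFAULT_PATTERNS) -> List[Hit]:
    """Keep only carved strings that match one of the expected chat-record patterns."""
    compiled = [re.compile(p) for p in patterns]
    return [h for h in hits if any(c.search(h.text) for c in compiled)]


def write_sample_dump() -> str:
    """Write the constructed dump to a temporary file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".raw")
    with os.fdopen(fd, "wb") as f:
        f.write(SAMPLE_DUMP)
    return path


def triage(path: str, expected_hex: str) -> List[Hit]:
    """Refuse to analyse a dump whose hash does not match the acquisition record."""
    if not verify_dump(path, expected_hex):
        raise ValueError("dump hash mismatch: evidence may have been altered")
    with open(path, "rb") as f:
        data = f.read()  # the sample is tiny; a real tool would mmap the image
    return find_chat_traces(carve_strings(data))


if __name__ == "__main__":
    p = write_sample_dump()
    digest = sha512_of_file(p)  # in practice recorded when the dump is acquired
    for hit in triage(p, digest):
        print(f"0x{hit.offset:08x} {hit.encoding:8} {hit.text}")
    os.unlink(p)
```

The hash is computed and recorded at acquisition time; triage recomputes it and stops if it differs, which is the property that lets the recovered evidence be defended later. Carving both ASCII and UTF-16LE runs matters because desktop chat clients frequently keep text as wide characters, which a plain ASCII string search misses.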


Jurors’ Evaluation

The product is a good research project. Although there are documented ways of capturing volatile-memory-based evidence, this product can make the process straightforward and pain-free. It has covered several social and chat applications and presents data in a user-friendly manner.

There were no details presented yet of the use of the application in a real-world investigation, but the product was tested by a professional in the digital forensics field for its usefulness. The technical design of the system is done in an extensible manner to accommodate more features as required. Although there are some commercial products available in the field of volatile memory analysis, the effort of making this tool user-friendly is much appreciated.

Producer: Ranul Deelaka Thantilage