Database memory forensics: A machine learning approach to reverse-engineer query activity
- Source: Forensic Science International: Digital Investigation; March 2023, Vol. 44 Issue: 1, Number 1 Supplement 1
- Publication Year: 2023
Abstract
- Memory analysis allows forensic investigators to establish a more complete timeline of system activity using a snapshot of main memory (i.e., RAM). Investigators may rely on such analysis to detect malicious activity and understand the scope of what data was exfiltrated. This is of particular interest in the presence of incomplete or untrusted logs, where a privileged user (or an attacker with such capabilities) can altogether bypass or disable logging. In such instances, a forensic investigator can still rely on the fact that data must ultimately be processed in memory, regardless of the information that is recorded in audit logs.
Details
- Language: English
- ISSN: 26662825 and 26662817
- Volume: 44
- Issue: 1, Number 1 Supplement 1
- Database: Supplemental Index
- Journal: Forensic Science International: Digital Investigation
- Publication Type: Periodical
- Accession number: ejs62608761
- Full Text: https://doi.org/10.1016/j.fsidi.2023.301503