FATKit: A framework for the extraction and analysis of digital forensic data from volatile system memory Export

@article{citeulike:2985561, abstract = {We present the Forensic Analysis ToolKit (FATKit) - a modular, extensible framework that increases the practical applicability of volatile memory forensic analysis by freeing human analysts from the prohibitively-tedious aspects of low-level data extraction. FATKit allows analysts to focus on higher-level tasks by providing novel methods for automatically deriving digital object definitions from C source code, extracting those objects from memory images, and visualizing the underlying data in various ways. FATKit presently includes modules for general virtual address space reconstruction and visualization, as well as Linux- and Windows-specific kernel analysis.}, author = {Petroni, Jr and Walters, Aaron and Fraser, Timothy and Arbaugh, William A.}, citeulike-article-id = {2985561}, citeulike-linkout-0 = {http://dx.doi.org/10.1016/j.diin.2006.10.001}, citeulike-linkout-1 = {http://www.sciencedirect.com/science/article/B7CW4-4MD9G8V-1/1/590b382672f1e0a3d83f764d33be8132}, doi = {10.1016/j.diin.2006.10.001}, journal = {Digital Investigation}, keywords = {\_2006, forensic, framework, privacy, ram, security, toolkit}, month = {December}, number = {4}, pages = {197--210}, posted-at = {2008-07-10 17:13:15}, priority = {2}, title = {FATKit: A framework for the extraction and analysis of digital forensic data from volatile system memory}, url = {http://dx.doi.org/10.1016/j.diin.2006.10.001}, volume = {3}, year = {2006} }

TY - JOUR ID - citeulike:2985561 L3 - citeulike-article-id:2985561 N2 - We present the Forensic Analysis ToolKit (FATKit) - a modular, extensible framework that increases the practical applicability of volatile memory forensic analysis by freeing human analysts from the prohibitively-tedious aspects of low-level data extraction. FATKit allows analysts to focus on higher-level tasks by providing novel methods for automatically deriving digital object definitions from C source code, extracting those objects from memory images, and visualizing the underlying data in various ways. FATKit presently includes modules for general virtual address space reconstruction and visualization, as well as Linux- and Windows-specific kernel analysis. IS - 4 JF - Digital Investigation EP - 210 TI - FATKit: A framework for the extraction and analysis of digital forensic data from volatile system memory VL - 3 SP - 197 KW - _2006 KW - forensic KW - framework KW - privacy KW - ram KW - security KW - toolkit AU - Petroni, Jr AU - Walters, Aaron AU - Fraser, Timothy AU - Arbaugh, William PY - 2006/12// UR - http://dx.doi.org/10.1016/j.diin.2006.10.001 ER -