
Date: Friday October 28, 2022
Time: 5:30pm MDT
Room: Zoom zoom.us, Meeting ID 926 9565 5625, passcode 488975
The talk will be held in Speare Hall room 19 for the CSE 585 class
Abstract: The era of information technology has, unfortunately, contributed to a tremendous rise in the number of cybercriminal activities. As everybody is on the Internet nowadays, many perpetrators are invading our lives and stealing private information, credit card numbers, and copyrighted material, and even threatening innocent people and committing physical and digital crimes. Locating criminals and proving them guilty might involve tracing their GPS locations, IP addresses, port numbers, used applications, potential communications, etc. This might involve a direct investigation of their digital devices to look for artifacts that would associate them with the crime and prove them guilty in a court of law. Therefore, Digital Forensics (DF) is vital for providing digital artifacts for crimes involving digital devices. The goal is to locate the digital artifacts that can be utilized in convicting cybercriminals and exposing their malicious activities. Digital forensics involves scientific methods that seek digital evidence by following standard methodologies that are admitted in a court of law. Until recently, however, investigators had only been interested in extracting pieces of evidence from permanent storage devices such as hard disks (HD) and solid-state drives (SSD). Yet main memory, or RAM, forensics has proven powerful in investigations. Various operations, such as reading or writing to files, need to go through the RAM; moreover, recent network connections, IP addresses, URLs, port numbers, and chat messages are often resident only in RAM and are not to be found in permanent storage media. Therefore, RAM contains vital information about the current state of a system and its running applications, such as processes, network connections, IPs, port numbers, chat messages, opened files, etc. In fact, some of this information cannot be found elsewhere. The RAM, though volatile, can be inspected for evidence and digital artifacts.
Therefore, Memory Forensics (RAM Forensics) is a very important subdivision of Digital Forensics. Even though it is volatile, RAM might embody important information about the perpetrators’ activities, and often can direct the investigation and make it more focused on the relevant resources. In this talk, I will introduce you to the field of digital forensics and memory forensics. Additionally, I will explain some of the research projects and research papers that I was involved with in relation to memory forensics.
Ziad Al-Sharif is an Associate Professor of Computer Science and Software Engineering at Jordan University of Science and Technology (JUST). He received his Ph.D. degree in Computer Science from the Dept. of Computer Science at the University of Idaho, Idaho, USA, in December 2009. His Master's degree in Computer Science is from the Dept. of Computer Science at New Mexico State University (NMSU), New Mexico, USA, in August of 2005. Both his Master's thesis and Ph.D. dissertation were conducted with the consolidation of Prof. Clinton L. Jeffery, Professor Emeritus at the University of Idaho, now Professor and Chair of the Computer Science and Engineering Department at New Mexico Tech (NMT). His primary research interests lie in the areas of: 1) Software Engineering, including Software Testing, Debugging, Monitoring, Visualization, and Performance analysis; 2) Information Security, including Digital Forensics, Memory Forensics, and Malware analysis; and 3) Machine Learning & Deep Learning techniques, including their applications in the area of Information Security and Software Engineering.