Evaluación de herramientas de software libre, para el sistema operativo Windows, en la adquisición de evidencias de la memoria RAM

Henry Gutiérrez Oquendo

doi:10.22490/25394088.5567

Vol. 16 No. 1 (2022)

Published 2022-02-20

license

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

When the Publicaciones e Investigaciones Journal receives an original study or article from its author(s), whether by email, postal service, or the platforms available for said purpose, know that it may be published in physical or electronic formats in national or international archives, databases, or SIRES. As such, Publications and Research authorizes the reproduction and citation of said material, provided that the description of information is carried out in conformity with bibliographic norms, and mention the corresponding names, authors, article, issue, and pages. Publications and Research, in advance, expresses that the information, concepts, and methods are the responsibility of the author(s). As such, the UNAD does not have any influence whatsoever over that expressed in the manuscript.

Reflexion Paper

Evaluation of free software tools, for the Windows operating system, in the acquisition of RAM memory evidences.

DOI: https://doi.org/10.22490/25394088.5567

Henry Gutiérrez Oquendo 0000-0002-8300-2014

PDF (Spanish)

HTML (Spanish)

Abstract
References

The objective of this article, is to evaluate free software tools of the Windows operating system, for the acquisition of evidence of RAM memory, using the ISO/IEC 25010 standard that defines characteristics and measures of quality of use of a product. The above takes into consideration the technical form for RAM dump analysis and the use of the specific tools DumpIt, FTK Imager, Windows Forensic Toolchest (WFT), OS Forensic and RamCapturer.

In order to guarantee the usefulness of the selected tools, it is contemplated to define, classify, identify, obtain, analyze and interpret results obtained with the Volatility tool, and thus be able to detect which instrument recovers more, the most efficient one that affects the evidence less. The latter is of utmost importance, since a very subtle alteration could change the HASH obtaining large scale problems in a trial.

keywords: Evidence acquisition, evaluation tools, RAM evidence.

ESSDATA. (2022). FTK Imager version 4.2.1. AccessData. https://accessdata.com/product-download/ftk-imager-version-4-2-1

Belkasoft. (2022). Belkasoft RAM Capturer: Volatile Memory Acquisition Tool. https://belkasoft.com/es/ram-capturer

Brezinski,D, Killallea, T. (2002). Directrices para la recopilación y el archivo de pruebas. https://www.ietf.org/rfc/rfc3227.txt

bytemind. (2020, febrero 27). Análisis forense con volatility. Byte Mind. https://byte-mind.net/analisis-forense-con-volatility/

Echavarría-Flórez, I. S., y Restrepo-Calle, F. (2020). Métricas de legibilidad del código fuente: Revisión sistemática de literatura. Revista Facultad de Ingeniería, 29(54), e11756-e11756. https://doi.org/10.19053/01211129.v29.n54.2020.11756

Granados, Á. C. M., y Buitrago, F. A. S. (2013). Evaluación y comparación de herramientas para el análisis forense en redes. Cuaderno Activa, 5, 31-37. https://ojs.tdea.edu.co/index.php/cuadernoactiva/article/view/128

Grispos, G., Storer, T., y Glisson, W. B. (2012). Calm Before the Storm: The Challenges of Cloud Computing in Digital Forensics. International Journal of Digital Crime and Forensics (IJDCF), 4(2), 28-48. https://doi.org/10.4018/jdcf.2012040103

ICIBE-Cert. (2015, noviembre 12). Introducción al análisis forense en móviles. INCIBE-CERT. https://www.incibe-cert.es/blog/introduccion-analisis-forense-en-moviles

Instituto Nacional de Ciberseguridad. (2021). INCIBE. INCIBE. https://www.incibe.es/

ISO 9000. (2015). ISO 9000:2015(es), Sistemas de gestión de la calidad—Fundamentos y vocabulario. https://www.iso.org/obp/ui/#iso:std:iso:9000:ed-4:v1:es

ISO 25000. (2021). NORMAS ISO 25000. https://iso25000.com/index.php/normas-iso-25000?limit=4&limitstart=0

ISO/CEI 25022. (2016). ISO/IEC 25022:2016. ISO. https://www.iso.org/cms/render/live/en/sites/isoorg/contents/data/standard/03/57/35746.html

ISO/CEI TR 9126-3. (2003). ISO/IEC TR 9126-3:2003. ISO. https://www.iso.org/cms/render/live/en/sites/isoorg/contents/data/standard/02/28/22891.html

ISO-IEC 9126-2 “Métricas Externas”—INSTITUTO POLITECNICO NACIONAL. (2003). https://1library.co/article/iso-iec-m%C3%A9tricas-externas-instituto-politecnico-nacional.z3d0458e

ISO/IEC 25010. (2011). ISO/IEC 25010:2011(en), Systems and software engineering—Systems and software Quality Requirements and Evaluation (SQuaRE)—System and software quality models. https://www.iso.org/obp/ui/#iso:std:iso-iec:25010:ed-1:v1:en

ISO/IEC 27037. (2012). ISO/IEC 27037 Directrices para identificación, recopilación, adquisición y preservación de evidencia digital. Ciberseguridad. https://ciberseguridad.com/normativa/espana/iso-iec-27037-evidencia-digital/

ISO/IEC TR 9126-4. (2004). ISO/IEC TR 9126-4:2004. ISO. https://www.iso.org/cms/render/live/en/sites/isoorg/contents/data/standard/03/97/39752.html

Lázaro Domínguez, Francisco. (2014). E Libro. https://bv.unir.net:2769/es/ereader/unir/106250?page=97

Lima, J. S. G., y Cajamarca, B. L. (2017). Modelo para el análisis forense y la legalización de evidencia digital atípica en procesos judiciales en Ecuador. CienciAmérica: Revista de divulgación científica de la Universidad Tecnológica Indoamérica, 6(3), 89-95. https://dialnet.unirioja.es/servlet/articulo?codigo=6163708

McDougal, Monty. (2017). Software y seguridad de Fool Moon. http://www.foolmoon.net/security/

NAXHACK5. (2016). Análisis Forense II – Adquisición de memoria RAM – Follow The White Rabbit. https://fwhibbit.es/analisis-forense-ii-adquisicion-de-memoria-ram

Normas ISO 25000. (2021). ISO/IEC 2502n – División de Medición de Calidad. https://iso25000.com/index.php/normas-iso-25000/8-iso-iec-2502n

Oficina Federal de Investigaciones. (2021). Cyber Crime [Folder]. Federal Bureau of Investigation. https://www.fbi.gov/investigate/cyber

Quintana, L. B., y Medina, C. R. (2018). Herramienta de Extracción de Información de Malware. 95.

Rafael_L_R. (2019). Perito Informático y Tecnológico - PeritoIT. http://peritoit.com

Soft32. (2022). Descargar DumpIt 1.3.2. https://dumpit.soft32.com/

Software PASSMARK. (2021). OSForensics—Download. https://www.osforensics.com/download.html

license

How to Cite

Gutiérrez Oquendo, H. (2022). Evaluation of free software tools, for the Windows operating system, in the acquisition of RAM memory evidences. Publicaciones E Investigación, 16(1). https://doi.org/10.22490/25394088.5567

Download Citation

Almétricas