FATKit: A framework for the extraction and analysis of digital forensic data from volatile system memory
NL Petroni Jr, A Walters, T Fraser, WA Arbaugh - Digital Investigation, 2006 - Elsevier
We present the Forensic Analysis ToolKit (FATKit)–a modular, extensible framework that
increases the practical applicability of volatile memory forensic analysis by freeing human
analysts from the prohibitively-tedious aspects of low-level data extraction. FATKit allows
analysts to focus on higher-level tasks by providing novel methods for automatically deriving
digital object definitions from C source code, extracting those objects from memory images,
and visualizing the underlying data in various ways. FATKit presently includes modules for …