TOWARD RAM FORENSICS SUPPORTEDBY MACHINE-LEARNING METHODS

Authors

  • Paweł Topa AGH University of Krakow, al. Mickiewicza 30, 30-059, Krakow, Poland
  • Kamil Jurczyk AGH University of Krakow, al. Mickiewicza 30, 30-059, Krakow, Poland
  • Lukasz Faber AGH University of Krakow, al. Mickiewicza 30, 30-059, Krakow, Poland

DOI:

https://doi.org/10.7494/csci.2025.26.4.6822

Abstract

In this article, we propose an enhancement to the computer forensics technique of using Machine Learning tools to analyse the contents of RAM in order to extract information potentially useful during an investigation. In the specific case presented, the use of the extracted information to generate more optimal dictionaries for dictionary cryptanalysis is considered. Increasing user awareness is making cryptanalysis of passwords increasingly difficult for law enforcement. Long and complex passwords are impossible to crack, even when high-performance computing platforms are available. A sensible method of optimization is to look for hints to use a dictionary that contains text phrases more likely to be used in the specific case under attack. Such a hint could be an analysis of RAM taken from the suspect computer. Machine learning methods can significantly facilitate this task. In this article, we also explore the effectiveness of such an approach and its usefulness in practical applications. We also consider applications of the proposed approach for other purposes, such as OSINT.

Downloads

Download data is not yet available.

Downloads

Published

2025-12-28

Issue

Vol. 26 No. 4

Section

Articles

License

Copyright (c) 2025 Computer Science

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Topa, P., Jurczyk, K., & Faber, L. (2025). TOWARD RAM FORENSICS SUPPORTEDBY MACHINE-LEARNING METHODS. Computer Science, 26(4). https://doi.org/10.7494/csci.2025.26.4.6822
Crossref
Scopus
Google Scholar
Europe PMC