Abstract
Volatile memory forensics is a live forensic approach for collecting real-time, activity-based artifacts that may not be obtainable through post-mortem forensics. Volatile memory forensics techniques inspect RAM to extract information such as passwords, encryption keys, network activity, open files, and the set of processes and threads currently running within an operating system. A volatile memory dump is used for offline investigation of live data. In this research, signature-based artifact identification is performed using keywords and default hex values. Various challenging scenarios are discussed, and evidence signatures are identified using regular expressions. Beyond these scenarios, recent ransomware attacks can also be solved using volatile memory forensic analysis.
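As an added illustration, not code from the paper, the following Python scanner applies keyword and default-hex-value signatures, written as byte regular expressions, to a raw memory image and reports the offset of each hit; the signature set and the sample dump are constructed for this example.

```python
import re
from typing import Dict, List, Tuple

# Signatures as byte-level regexes. The hex values are well-known file
# headers (PE/DOS stub, PDF, ZIP); the keyword patterns are constructed
# examples of strings an analyst hunts for in a dump.
SIGNATURES: Dict[str, bytes] = {
    "pe_header":   rb"MZ\x90\x00",
    "pdf_header":  rb"%PDF-1\.[0-7]",
    "zip_header":  rb"PK\x03\x04",
    # keyword followed by a printable, non-space value (nulls are excluded)
    "password_kw": rb"(?i)password\s*[=:]\s*[\x21-\x7e]{4,32}",
    "ipv4_text":   rb"\b(?:\d{1,3}\.){3}\d{1,3}\b",
}

def scan_dump(dump: bytes, signatures: Dict[str, bytes] = SIGNATURES,
              chunk_size: int = 4096, overlap: int = 64) -> List[Tuple[str, int, bytes]]:
    """Walk a raw memory image in chunks; return (signature, offset, bytes) hits.

    Each window extends `overlap` bytes past the chunk so a signature that
    straddles a chunk boundary is still seen whole (overlap must be at least
    the longest expected match). Matches that start inside the overlap are
    skipped here and picked up by the next chunk, so no hit is reported twice.
    """
    compiled = {name: re.compile(pat) for name, pat in signatures.items()}
    hits: List[Tuple[str, int, bytes]] = []
    pos = 0
    while pos < len(dump):
        window = dump[pos:pos + chunk_size + overlap]
        for name, rx in compiled.items():
            for m in rx.finditer(window):
                if m.start() >= chunk_size:      # belongs to the next chunk
                    continue
                hits.append((name, pos + m.start(), m.group(0)))
        pos += chunk_size
    return sorted(hits, key=lambda h: h[1])

# Constructed sample "dump": null padding with artifacts planted at known offsets.
SAMPLE_DUMP = (
    b"\x00" * 100 + b"MZ\x90\x00" + b"\x00" * 4000
    + b"password=Hunter2!" + b"\x00" * 50
    + b"%PDF-1.4" + b"\x00" * 20 + b"10.0.0.5:443" + b"\x00" * 10
)

if __name__ == "__main__":
    for name, off, blob in scan_dump(SAMPLE_DUMP):
        print(f"{off:#010x} {name:12s} {blob!r}")
```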