Wednesday, 3 September 2014

Tools Manipulating RAM to Mislead Cyber crime Investigators


ADD
ADD, attention deficit disorder, a tool changes the structure of the Windows physical memory and thereby, disturbs the memory functioning of the system and changing the pattern of the memory consolidation within the system. What it does is, make fake files, fake network connections, bad server dumps and ultimately, making a false background of the memory track. With this increasing amount of false server lists along with a great number of fake network connections are allowing cyber manipulators to work without much threat and do their job at a swift pace.

What cyber crime analysts and investigators do? 

There is always a memory dump in any computer system that has been running. Whatever occurs in the process, while the computer is running, every memory goes into the memory dump and that can be identified and objected at any point of time. This memory dump allows you to understand the pattern of surfing along with the network and server connections that have been subjected by the user. Every list of used objects gets located in the memory dump and the analysts using their analytics tools capture this dump and go through it to find any range of crime or misconduct and thereby, work in a way to prevent cyber crimes in a particular location or network. Cybercrime analysts have had a huge amount of job in the present time with an increasing amount of cyber frauds. An analyst looks for:-

  • Proof of private sessions
  • Passwords history
  • Browsing networks
  • Malwares and encrypted codes that form a part of the memory but not the disk.
The new tool creating hazard for the cyber crime investigators:- 

With the advent of internet, there is an increase in the amount of frauds and large network scams in the area of cyber use for thefts, frauds, cheating and other miscellaneous activities. ADD has come up with a facility that allows the user to dislocate itself from the normal network browsing history and relocated at a different location and finally disrupting the RAM. With a change in the memory location, it becomes utterly difficult for the cyber analysts to find the exact IP address and browsing history.

 A bigger problem exists with the fact that the attacker may insert such attacking and fake files into the network that allows another cyber crime group to attack at another networking sites and creating a greater number of malwares that will affect the RAM and disrupt the whole memory dumping process.

The cyber crime network is getting stronger with every passing minute and is using such artifacts that are very tough to validate and analyse. Even if the hacked system gets into the hands of the analyst, the ADD tool that has created the hazard will send the analyst on a journey that is far from the actual event and therefore, will add more to the confusion and hacking the malwares would not be possible.

The anti- cyber crime and cyber theft intercom are also trying to increase their resources and technologies that will allow them to build a stronger cyber rule and disallow the cyber attacker to attack the RAM and disturb the memory use.

No comments:

Post a comment

Note: only a member of this blog may post a comment.