Memory Volatile Forensik Untuk Deteksi Malware Menggunakan Algoritma Machine Learning
Main Article Content
Abstract
Forensics on volatile memory plays an important role in the investigation of cybercrime. Acquiring RAM, also referred to as taking a RAM dump, can help forensic investigators retrieve much of the information related to a crime. Volatility is one of the tools commonly used to analyze RAM. It often happens that forensic investigators suspect that malware is present in a RAM dump; even when it is, they are frequently not highly capable malware analysts, so analyzing the possible malware in the dump is difficult for them. Tools such as Volatility allow forensic investigators to identify and link the various components in order to conclude whether or not a crime was committed using malware. However, using tools such as Volatility requires knowledge of text-based commands and of malware analysis. This work aims to assist forensic investigators in detecting and analyzing possible malware in a RAM dump. It is built on the Volatility framework, and the result is a forensic tool that analyzes RAM dumps and detects possible malware in them using machine learning algorithms, so that detection works offline (without an internet connection).
Downloads
Download data is not yet available.
Article Details
How to Cite
[1]
F. Bahtiar, N. Widiyasono, and A. P. Aldya, “Memory Volatile Forensik Untuk Deteksi Malware Menggunakan Algoritma Machine Learning”, JuTISI, vol. 4, no. 2, pp. 242 –, Aug 2018.
Issue
Section
Articles
This is an open-access article distributed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International License (https://creativecommons.org/licenses/by-nc/4.0/), which permits unrestricted non-commercial use, distribution and reproduction in any medium.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.