Towards the Utilization of Parallel Programming to Speed up RAM Forensics
Category of Work
Conference
Title of Conference/Lecture Series
Tenth International Conference on Software Defined Systems (SDS)
Abstract
Memory forensics uses volatile digital artifacts as evidence about criminal activities. Analyzing captured memory dumps for volatile data requires time and effort. This paper studies the utilization of parallel programming to speed up RAM forensics. It presents a performance-based evaluation of parallel programming in the domain of memory forensics and compares sequential and parallel approaches to speed up the memory analysis process. First, it evaluates the sequential approach and uses it as a base case for further parallel approaches. Second, it evaluates two of the parallel approaches that can be performed on a typical user machine. Our experiments evaluate the use of two parallel programming paradigms: the in-process parallelization approach using OpenMP, and the inter-process parallelization approach using MPI. Our results compare the performance of the sequential approach, the OpenMP thread-based approach, and the MPI process-based approach. The experiments compare the performance of the three scenarios using six files of different sizes and various numbers of threads and/or processes. The results show that MPI is slightly better than OpenMP when using 2 and 4 processes/threads. However, when the number of processors/threads is increased to 8 and 16, OpenMP slightly outperforms the MPI approach. Additionally, the parallelization approach using OpenMP and MPI provides a 3X to 5X speedup over the traditional sequential approach. Moreover, it is worth mentioning that this speedup is achieved on traditional user machines without the use of HPC computers.
First Page
73
Last Page
80
DOI
https://doi.org/10.1109/SDS59856.2023.10328999
Presentation Date
10-24-2023
Recommended Citation
Al-Sharif, Ziad A.; Alhamouri, Rahaf; and Jararweh, Yaser, "Towards the Utilization of Parallel Programming to Speed up RAM Forensics" (2023). Engineering, Computing and Mathematical Sciences Faculty Conferences. 2.
https://digitalcommons.lewisu.edu/ecms_faccons/2