<![CDATA[Memory acquisition process is one of digital forensics act. There are several tools that support memory acquisition process. At this time, there is a feature named secure mode that can caused crash or error in memory acquisition tools system and caused the tools to be unusable, also the loss of the computer memory. This research is focusing on analyzing the acquisition tools that has error or crash when the device that is being used for memory acquisition is in secure mode. The analysis is being carried out using static code analysis method, which is one of the techniques of reverse engineering, using IDA. This study aims to find the cause of the crash or error in memory acquisition tools. The purpose of this study is to be useful for digital forensic tester in understanding the potential risk of the secure mode impact in acquisition process. The results of this study indicate that different operating system and different kernel which runs in the device are the reasons that memory acquisition tools cannot run properly on VSM environment being turned on.]]>
Copyrights © 2023
