Title: On classifying memory contents at page-level granularity: machine-learning approach

Authors: Mohammed I. Al-Saleh; Akram Alkouz; Abdulsalam Alarabeyyat; Majed Bouchahma

Addresses: Computer Science Department, Jordan University of Science and Technology, Irbid, Jordan; Computer Information System, Higher Colleges of Technology, UAE | Computer Information System, Higher Colleges of Technology, UAE | Computer Information System, Higher Colleges of Technology, UAE; Software Engineering Department, Al-Balqa' Applied University, Salt, Jordan | Computer Information System, Higher Colleges of Technology, UAE

Abstract: A significant challenge faced by digital investigators in the realm of law is performing digital media triage, which involves determining the relevant data that may aid in a criminal investigation. Effective triage can save time and improve investigative outcomes, particularly in memory investigation, as its contents are often scattered and diverse. Identifying and classifying file types in memory can be difficult due to the way the operating system's paging scheme maps file contents into non-consecutive page frames in physical memory. This paper presents a machine learning approach to triage memory content at the page level, focusing on the classification of common file types within the context of law. The study conducted various experiments, and the results indicate that it is possible to accurately classify in-memory data into primary file categories, thus contributing to the field of digital investigation in accordance with legal processes.

Keywords: memory forensics; digital media triage; machine learning; file type detection; digital forensics; classifying memory content.

DOI: 10.1504/IJESDF.2026.150184

International Journal of Electronic Security and Digital Forensics, 2026 Vol.18 No.1, pp.12 - 38

Received: 27 Sep 2023
Accepted: 21 Dec 2023

Published online: 03 Dec 2025
