Show simple item record

| Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Vidas, Timothy | |
| dc.date | 1997 | |
| dc.date.accessioned | 2016-07-27T18:16:56Z | |
| dc.date.available | 2016-07-27T18:16:56Z | |
| dc.date.issued | 2007 | |
| dc.identifier.citation | Vidas, Timothy. "Providing a Foundation for Analysis of Volatile Data Stores." The Journal of Digital Forensics, Security and Law: JDFSL 2.3 (2007): 45-56. | en_US |
| dc.identifier.uri | http://hdl.handle.net/10945/49297 | |
| dc.description | Some related preliminary work was previously presented at the Third Annual IFIP WG 11.9 International Conference on Digital Forensics in Orlando, FL on January 28-31, 2007. | en_US |
| dc.description.abstract | Current threats against typical computer systems demonstrate a need for forensic analysis of memory-resident data in addition to the conventional static analysis common today. Certain attacks and types of malware exist solely in memory and leave little or no evidentiary information on nonvolatile stores such as a hard disk drive. The desire to preserve system state at the time of response may even warrant memory acquisition independent of perceived threats and the ability to analyze the acquired duplicate. Tools capable of duplicating various types of volatile data stores are becoming widely available. Once the data store has been duplicated, current forensic procedures have no method for extrapolating further useful information from the duplicate. This paper is focused on providing the groundwork for performing forensic investigations on the data that is typically stored in a volatile data store, such as system RAM. It is intended that, when combined with good acquisition techniques, it will be shown that it is possible to obtain more post incident response information along with less impact to potential evidence when compared to typical incident response procedures. | en_US |
| dc.format.extent | 12 p. | en_US |
| dc.rights | This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States. | en_US |
| dc.title | Providing a Foundation for Analysis of Volatile Data Stores | en_US |
| dc.type | Article | en_US |
| dc.contributor.corporate | Naval Postgraduate School (U.S.) | en_US |
| dc.subject.author | digital forensics | en_US |
| dc.subject.author | volatility | en_US |
| dc.subject.author | RAM | en_US |
| dc.subject.author | windows forensics | en_US |
| dc.subject.author | computer memory | en_US |
| dc.subject.author | acquisition | en_US |

