Hello guest, if you read this it means you are not registered. Click here to register in a few simple steps, you will enjoy all features of our Forum.
Rules have been updated! Here

Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5

[-]
Tags
in analysis ram importance of state forensic digital

Importance of RAM State in Digital Forensic Analysis
#1
Heart 
Digital forensic experts understand the importance of remembering to perform a RAM Capture on- Crime Scene Investigation so as to not leave valuable evidence behind. Capturing volatile data in a computer's memory dump enables investigators and examiners to do a full memory analysis and access data including:
browsing history
encryption keys
chat messages
clipboard contents
run-time system activity
open network connections (often these artifacts are only found in RAM)
recently executed commands and processes
injected code fragments
memory stored before shut down or crash

The practice of RAM Capture is an important aspect of memory forensics that can be used during a digital forensic investigation of criminal activity, hacking, cyber crime or insider threats. In the case of hacking, attackers sometimes develop malware that only lives in memory which makes it difficult to detect if random access memory is not captured.
[-] The following 5 users say Thank You to MaskedUser for this post:
  • Bl4ckCyb3rEnigm4, cenahum, ciccioriccio, shahbazahmad444, ThisIsHerself
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)