
Title: Acquiring volatile operating system data tools and techniques
Authors: Sutherland, Iain
Blyth, Andrew J.
Issue Date: 2-May-2012
Citation: Sutherland, I., Evans, J., Tryfonas, T. and Blyth, A. (2008) 'Acquiring volatile operating system data tools and techniques', ACM SIGOPS Operating Systems Review, 42(3), pp: 65-73.
Abstract: The current approach to forensic examination during search and seizure has predominantly been to pull the plug on the suspect machine and subsequently perform a post-mortem examination on the storage medium. However, with the advent of larger memory capacities, drive encryption and anti-forensics, this procedure may result in the loss of valuable evidence. Volatile data may be vital in determining criminal activity: it may contain passwords used for encryption, indications of anti-forensic techniques, and memory-resident malware that would otherwise go unnoticed by the investigator. This paper emphasizes the importance of understanding the potential value of volatile data and how best to collate forensic artifacts to the benefit of the investigation, ensuring the preservation and integrity of the evidence. The paper reviews current methods for volatile data collection, assessing the capabilities, limitations and liabilities of the tools and techniques currently available to the forensic investigator.
URI: http://hdl.handle.net/10265/510
Appears in Collections:Computer Science

Files in This Item:

There are no files associated with this item.
