The current approach to forensic examination during search and seizure has predominantly been to pull the plug on the suspect machine and subsequently perform a post-mortem examination on the storage medium. However, with the advent of larger capacities of memory, drive encryption and anti-forensics, this procedure may result in the loss of valuable evidence. Volatile data may be vital in determining criminal activity; it may contain passwords used for encryption, indications of anti-forensic techniques, and memory-resident malware which would otherwise go unnoticed by the investigator. This paper emphasizes the importance of understanding the potential value of volatile data and how best to collate forensic artifacts to the benefit of the investigation, ensuring the preservation and integrity of the evidence. The paper will review current methods for volatile data collection, assessing the capabilities, limitations and liabilities of current tools and techniques available to the forensic investigator.