Abstract
In this paper we challenge the widely accepted approach in which a first responder does not capture the RAM of a computer system that is found powered off at a crime scene. We investigate the presence of confidential data in RAM, such as user passwords. Our findings show that even if the computer is switched off but not removed from the mains, the data are preserved. In fact, when a process is terminated but the computer is still operating, the respective data are more likely to be lost. Therefore, capturing the memory could be as critical on a switched-off system as on a running one.
Copyright information
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Karayianni, S., Katos, V. (2012). Practical Password Harvesting from Volatile Memory. In: Georgiadis, C.K., Jahankhani, H., Pimenidis, E., Bashroush, R., Al-Nemrat, A. (eds) Global Security, Safety and Sustainability & e-Democracy. e-Democracy ICGS3 2011 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 99. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33448-1_3
DOI: https://doi.org/10.1007/978-3-642-33448-1_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33447-4
Online ISBN: 978-3-642-33448-1
eBook Packages: Computer Science (R0)