RAM Analysis
If evidence of compromise is never written to a hard drive, we cannot rely on disk forensics!
Volatile memory has a high potential to contain:
- malicious code from an infection, in whole or in part, because it must be loaded in memory to execute.
- evidence that system resources were allocated by the malicious code.
- encryption keys and passwords, or the plain-text contents of files before they were encrypted.
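The three kinds of evidence listed above can be pulled straight out of a raw memory image. The following is an added example, not code from this page: it builds a small constructed "image" (a fake loaded PE header, a made-up credential, a random-looking 32-byte stand-in for a key and a UTF-16 file path) and runs three simple scans over it: MZ/PE header discovery for code in memory, printable-string extraction for passwords and plaintext, and an entropy scan for key-like regions. All offsets, strings and thresholds are assumptions chosen for the demonstration.

```python
import math
import re
import struct

def build_sample_image() -> bytes:
    """Constructed 512-byte 'memory image' (not a real dump) with the three kinds of evidence named above."""
    img = bytearray(512)
    img[0:2] = b"MZ"                                   # DOS header of code loaded in RAM
    struct.pack_into("<I", img, 0x3C, 0x80)            # e_lfanew -> PE signature
    img[0x80:0x84] = b"PE\x00\x00"
    img[0x100:0x118] = b"password=hunter2-sample\x00"  # plaintext credential (made up)
    img[0x140:0x160] = bytes(range(0x80, 0xA0))        # stand-in for a 32-byte key
    img[0x160:0x198] = "C:\\Users\\analyst\\secret.docx".encode("utf-16le")  # wide string
    return bytes(img)

def shannon_entropy(chunk: bytes) -> float:
    n = len(chunk)
    return -sum(chunk.count(b) / n * math.log2(chunk.count(b) / n) for b in set(chunk))

def find_pe_headers(image: bytes) -> list[int]:
    """Offsets of MZ headers whose e_lfanew points at 'PE\\0\\0': executable code in memory."""
    hits = []
    for m in re.finditer(b"MZ", image):
        off = m.start()
        if off + 0x40 > len(image):
            continue
        e_lfanew = struct.unpack_from("<I", image, off + 0x3C)[0]
        if 0x40 <= e_lfanew < 0x1000 and image[off + e_lfanew:off + e_lfanew + 4] == b"PE\x00\x00":
            hits.append(off)
    return hits

def find_strings(image: bytes, min_len: int = 8) -> list[str]:
    """Printable ASCII and UTF-16LE runs: passwords, paths, plaintext file contents."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(image)]
    return found + [m.group().decode("utf-16le") for m in wide_re.finditer(image)]

def find_high_entropy(image: bytes, window: int = 32, threshold: float = 4.8) -> list[int]:
    """Aligned windows whose bytes look random: candidate key material (max entropy for 32 bytes is 5.0)."""
    return [off for off in range(0, len(image) - window + 1, window)
            if shannon_entropy(image[off:off + window]) >= threshold]

def triage(image: bytes) -> dict:
    return {"pe_headers": find_pe_headers(image), "strings": find_strings(image),
            "key_candidates": find_high_entropy(image)}

if __name__ == "__main__":
    print(triage(build_sample_image()))
```

On a real acquisition the same scans run over gigabytes and produce far more noise, so they are a first triage pass that points the analyst at regions worth carving, not a verdict.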