Open Access. Powered by Scholars. Published by Universities.®

Computer Engineering Commons

Computer Sciences

2007

Acquisition

Full-Text Articles in Computer Engineering

Providing A Foundation For Analysis Of Volatile Data Stores, Timothy Vidas Jan 2007

Journal of Digital Forensics, Security and Law

Current threats against typical computer systems demonstrate a need for forensic analysis of memory-resident data in addition to the conventional static analysis common today. Certain attacks and types of malware exist solely in memory and leave little or no evidentiary information on nonvolatile stores such as a hard disk drive. The desire to preserve system state at the time of response may even warrant memory acquisition independent of perceived threats and the ability to analyze the acquired duplicate.

Tools capable of duplicating various types of volatile data stores are becoming widely available. Once the data store has been duplicated, current …