Techniques and Tools for Recovering and Analyzing Data from Volatile Memory

by Kristine Amari
Sept. 1, 2017 SANS Institute Encryption & Authentication forensics

There are many relatively new tools available that have been developed in order to recover and dissect the information that can be gleaned from volatile memory, but because this is a relatively new and fast-growing field many forensic analysts do not know or take advantage of these assets. Volatile memory may contain many pieces of information relevant to a forensic investigation, such as passwords, cryptographic keys, and other data. Having the knowledge and tools needed to recover that data is essential, and this capability is becoming increasingly more relevant as hard drive encryption and other security mechanisms make traditional hard disk forensics more challenging. This paper will cover the theory behind volatile memory analysis, including why it is important, what kinds of data can be recovered