Hi,
I am currently doing research for my final year dissertation into the effects cooling has on RAM after power is lost from a system. I know this has been done but I am doing my dissertation on best practices/guidelines for forensic investigators.
Basically I need a program/software that writes a particular pattern to RAM so that the power can be pulled before the RAM is imaged and analysed. I understand that it will be impossible to write to every part of RAM as some will already be in use, unless there is a way to do this without the OS being booted?
Does anybody have any advice on what software or code could be used to write a particular pattern to as much RAM as possible or software that can be used to image RAM before OS is booted to leave as little footprint as possible.
Thanks in advance!
grub4dos
http//
Forum
http//
Basic guide (now a bit obsolete, as a number of new commands/features/etc. have been added in the meantime, but still useful to get the hang of it)
http//
can access RAM directly and has an internal dd command (besides scripting capabilities, very similar to CMD.EXE batches).
It should be the smallest environment you can find.
The only limit is that you cannot use the dd to "create" a file (if not through an add-on and only on FAT), but you can use it to "populate/fill" an existing file on *any* filesystem, including NTFS or Ext2/3/4.
jaclaz
Basically I need a program/software that writes a particular pattern to RAM so that the power can be pulled before the RAM is imaged and analysed. I understand that it will be impossible to write to every part of RAM as some will already be in use, unless there is a way to do this without the OS being booted?
If you decide to work in a DOS environment, for example, you can do pretty much what you like as long as you realize that you won't return to a DOS prompt – overwrite memory as much as you want.
And if you examine the design of MBR boot code, and learn how to write your own – which in this case won't boot anything, but instead do the writing you want to perform.
Of course, you need to understand the architecture of the processor you'll be using. And you probably also need to understand BIOS programming, if you decide to work on top of BIOS.
I would expect you to have to produce your own code, though.
Hi,
Jaclaz, thanks for the information I will have a look into the guides you have put up. I have a bit of spare time to have a play around with the commands before I have to do the actual experiments.
Cheers!
Athulin, Thank you I had a feeling like DOS would be the answer and have the littlest footprint in RAM. I will speak to my supervisor and see what he thinks about the writing my own boot code but this may not be viable in the amount of time I have but I will look into it.
Many thanks
Chris
about the writing my own boot code but this may not be viable in the amount of time I have
With all due respect, allow me to doubt that you will be able to write *something* that can boot and perform the operations you require in even some more time 😯 .
If you want to write your own software, it would be IMHO smarter to stand on the shoulders of the giants, like
http//
Or you might want to research (depending on the EXACT type of RAM modules on which you want to make the study/research) if some hardware *like* these
http//
http//
can be found/still exists/etc.
Or go for a "microcontroller development board", something *like*
http//
http//
jaclaz
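For the analysis half of the experiment described in the opening post (pattern written, power pulled, RAM imaged), the following is an added example and not code from anyone in this thread: it compares an image against the known fill pattern and reports, per block, how many bits decayed and in which direction. The function names, the `0xAA55` pattern, the block size and the sample image are all assumptions made for illustration; it also assumes the investigator knows which byte range was filled and that a pattern repetition begins at `start`.

```python
# Added example (not from the thread): quantify how much of a known fill
# pattern survived in a RAM image taken after a power cut.
# Assumptions: the fill wrote `pattern` back to back, a repetition begins at
# `start`, and the caller knows which byte range [start, end) was filled.

def bit_flips(block: bytes, expected: bytes) -> tuple[int, int]:
    """Return (ones_lost, ones_gained) for block compared with expected."""
    got = int.from_bytes(block, "big")
    exp = int.from_bytes(expected, "big")
    return bin(exp & ~got).count("1"), bin(got & ~exp).count("1")

def decay_report(image, pattern, start, end, block_size=4096):
    """Per-block and overall bit error rate over image[start:end]."""
    if block_size % len(pattern):
        raise ValueError("block_size must be a multiple of the pattern length")
    expected = pattern * (block_size // len(pattern))
    rows, total_lost, total_gained = [], 0, 0
    # Only whole blocks are scored; a trailing partial block is ignored.
    for off in range(start, min(end, len(image)) - block_size + 1, block_size):
        lost, gained = bit_flips(image[off:off + block_size], expected)
        rows.append({"offset": off, "lost": lost, "gained": gained,
                     "ber": (lost + gained) / (block_size * 8)})
        total_lost += lost
        total_gained += gained
    bits = len(rows) * block_size * 8
    summary = {"blocks": len(rows), "lost": total_lost, "gained": total_gained,
               "ber": (total_lost + total_gained) / bits if bits else None}
    return rows, summary

def constructed_sample():
    """Constructed 256-byte 'image': 0xAA55 fill with two damaged bytes."""
    pattern = b"\xaa\x55"
    image = bytearray(pattern * 128)
    image[64] = 0x00    # 0xAA -> 0x00: four 1 bits decayed to 0
    image[130] = 0xFF   # 0xAA -> 0xFF: four 0 bits flipped to 1
    return bytes(image), pattern

if __name__ == "__main__":
    image, pattern = constructed_sample()
    rows, summary = decay_report(image, pattern, 0, len(image), block_size=64)
    for r in rows:
        print(f"{r['offset']:#06x}  lost={r['lost']}  gained={r['gained']}  ber={r['ber']:.4f}")
    print(summary)
```

Keeping the lost and gained counts separate matters because the direction of decay can differ between regions of a module, which a single error rate would hide.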