Catching the ghost: how to discover ephemeral evidence with live RAM analysis

Until very recently, it was a standard practice for European law enforcement agencies to approach running computers with a “pull-the-plug” attitude without recognizing the amount of evidence lost with the content of the computer’s volatile memory. While certain information never ends up on the hard drive, such as ongoing communications in social networks, data on running processes or open network connections, some other information may be stored securely on an encrypted volume. By simply pulling the plug, forensic specialists will slam the door to the very possibility of recovering these and many other types of evidence…

Read More…

Leave a Comment

Latest Videos

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...