Global Security, Safety and Sustainability & e-Democracy. 7th International and 4th e-Democracy, Joint Conferences, ICGS3/e-Democracy 2011, Thessaloniki, Greece, August 24-26, 2011, Revised Selected Papers

Research Article

Practical Password Harvesting from Volatile Memory

  • @INPROCEEDINGS{10.1007/978-3-642-33448-1_3,
        author={Stavroula Karayianni and Vasilios Katos},
        title={Practical Password Harvesting from Volatile Memory},
        proceedings={Global Security, Safety and Sustainability \& e-Democracy. 7th International and 4th e-Democracy, Joint Conferences, ICGS3/e-Democracy 2011, Thessaloniki, Greece, August 24-26, 2011, Revised Selected Papers},
        proceedings_a={ICGS3 \& E-DEMOCRACY},
        year={2012},
        month={10},
        keywords={memory forensics order of volatility data recovery},
        doi={10.1007/978-3-642-33448-1_3}
    }
    
  • Stavroula Karayianni
    Vasilios Katos
    Year: 2012
    Practical Password Harvesting from Volatile Memory
    ICGS3 & E-DEMOCRACY
    Springer
    DOI: 10.1007/978-3-642-33448-1_3
Stavroula Karayianni1,*, Vasilios Katos1,*
  • 1: Democritus University of Thrace
*Contact email: skarayanni@gmail.com, vkatos@ee.duth.gr

Abstract

In this paper we challenge the widely accepted approach in which a first responder does not capture the RAM of a computer system that is found powered off at a crime scene. We investigate the presence of confidential data, such as user passwords, in RAM. Our findings show that even if the computer is switched off but not removed from the mains, the data are preserved. In fact, when a process is terminated but the computer is still operating, the respective data are more likely to be lost. Therefore, capturing the memory could be as critical on a switched-off system as on a running one.