Forensics in Telecommunications, Information, and Multimedia. Third International ICST Conference, e-Forensics 2010, Shanghai, China, November 11-12, 2010, Revised Selected Papers

Research Article

Live Memory Acquisition through FireWire

  • @INPROCEEDINGS{10.1007/978-3-642-23602-0_14,
        author={Lei Zhang and Lianhai Wang and Ruichao Zhang and Shuhui Zhang and Yang Zhou},
        title={Live Memory Acquisition through FireWire},
        proceedings={Forensics in Telecommunications, Information, and Multimedia. Third International ICST Conference, e-Forensics 2010, Shanghai, China, November 11-12, 2010, Revised Selected Papers},
        proceedings_a={E-FORENSICS},
        year={2012},
        month={10},
        keywords={live forensics memory acquisition FireWire memory analysis Windows registry},
        doi={10.1007/978-3-642-23602-0_14}
    }
  • Lei Zhang, Lianhai Wang, Ruichao Zhang, Shuhui Zhang, Yang Zhou. Live Memory Acquisition through FireWire. E-FORENSICS, Springer, 2012. DOI: 10.1007/978-3-642-23602-0_14
Lei Zhang (1,*), Lianhai Wang (1,*), Ruichao Zhang (1,*), Shuhui Zhang (1,*), Yang Zhou (1,*)
  • 1: Shandong Provincial Key Laboratory of Computer Network
* Contact email: zhanglei@keylab.net, wanglh@keylab.net, zhangrch@keylab.net, zhangshh@keylab.net, zhouy@keylab.net

Abstract

Although the FireWire-based memory acquisition method has been known for several years, its methodology has not been discussed in detail and practical tools are still lacking. Besides, the existing method does not work stably across different versions of Windows. In this paper, we try to compare different memory acquisition methods and discuss their advantages and disadvantages. Then, the methodology of FireWire-based memory acquisition is discussed. Finally, we give a practical implementation of a FireWire-based acquisition tool that works well with different versions of Windows without causing BSoD (Blue Screen of Death) problems.