Forensics in Telecommunications, Information, and Multimedia. Third International ICST Conference, e-Forensics 2010, Shanghai, China, November 11-12, 2010, Revised Selected Papers

Research Article

Live Memory Acquisition through FireWire

Download
450 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-23602-0_14,
        author={Lei Zhang and Lianhai Wang and Ruichao Zhang and Shuhui Zhang and Yang Zhou},
        title={Live Memory Acquisition through FireWire},
        proceedings={Forensics in Telecommunications, Information, and Multimedia. Third International ICST Conference, e-Forensics 2010, Shanghai, China, November 11-12, 2010, Revised Selected Papers},
        proceedings_a={E-FORENSICS},
        year={2012},
        month={10},
        keywords={live forensics memory acquisition FireWire memory analysis Windows registry},
        doi={10.1007/978-3-642-23602-0_14}
    }
    
  • Lei Zhang
    Lianhai Wang
    Ruichao Zhang
    Shuhui Zhang
    Yang Zhou
    Year: 2012
    Live Memory Acquisition through FireWire
    E-FORENSICS
    Springer
    DOI: 10.1007/978-3-642-23602-0_14
Lei Zhang1,*, Lianhai Wang1,*, Ruichao Zhang1,*, Shuhui Zhang1,*, Yang Zhou1,*
  • 1: Shandong Provincial Key Laboratory of Computer Network
*Contact email: zhanglei@keylab.net, wanglh@keylab.net, zhangrch@keylab.net, zhangshh@keylab.net, zhouy@keylab.net

Abstract

Although FireWire-based memory acquisition method has been introduced for several years, the methodologies are not discussed in detail and still lack of practical tools. Besides, the existing method is not working stably when dealing with different versions of Windows. In this paper, we try to compare different memory acquisition methods and discuss their virtues and disadvantages. Then, the methodologies of FireWire-based memory acquisition are discussed. Finally, we give a practical implementation of FireWire-based acquisition tool that can work well with different versions of Windows without causing BSoD problems.