Practical Password Harvesting from Volatile Memory

Stavroula Karayianni; Vasilios Katos

Global Security, Safety and Sustainability & e-Democracy. 7th International and 4th e-Democracy, Joint Conferences, ICGS3/e-Democracy 2011, Thessaloniki, Greece, August 24-26, 2011, Revised Selected Papers

Research Article

Practical Password Harvesting from Volatile Memory

Download

780 downloads

Cite: BibTeX Plain Text

@INPROCEEDINGS{10.1007/978-3-642-33448-1_3,
    author={Stavroula Karayianni and Vasilios Katos},
    title={Practical Password Harvesting from Volatile Memory},
    proceedings={Global Security, Safety and Sustainability \& e-Democracy. 7th International and 4th e-Democracy, Joint Conferences, ICGS3/e-Democracy 2011, Thessaloniki, Greece, August 24-26, 2011, Revised Selected Papers},
    proceedings_a={ICGS3 \& E-DEMOCRACY},
    year={2012},
    month={10},
    keywords={memory forensics order of volatility data recovery},
    doi={10.1007/978-3-642-33448-1_3}
}

Stavroula Karayianni
Vasilios Katos
Year: 2012
Practical Password Harvesting from Volatile Memory
ICGS3 & E-DEMOCRACY
Springer
DOI: 10.1007/978-3-642-33448-1_3

Stavroula Karayianni¹^,*, Vasilios Katos¹^,*

1: Democritus University of Thrace

*Contact email: skarayanni@gmail.com, vkatos@ee.duth.gr

Abstract

In this paper we challenge the widely accepted approach where a first responder does not capture the RAM of a computer system if found to be powered off at a crime scene. We investigate the presence of confidential data in RAM such as user passwords. Our findings show that even if the computer is switched off but not removed from the mains, the data are preserved. In fact, when a process is terminated but the computer is still operating, the respective data are more likely to be lost. Therefore capturing the memory could be as critical on a switched off system as on a running one.

Keywords: memory forensics order of volatility data recovery

Published: 2012-10-08

: http://dx.doi.org/10.1007/978-3-642-33448-1_3