Research Article
Practical Password Harvesting from Volatile Memory
780 downloads
@INPROCEEDINGS{10.1007/978-3-642-33448-1_3, author={Stavroula Karayianni and Vasilios Katos}, title={Practical Password Harvesting from Volatile Memory}, proceedings={Global Security, Safety and Sustainability \& e-Democracy. 7th International and 4th e-Democracy, Joint Conferences, ICGS3/e-Democracy 2011, Thessaloniki, Greece, August 24-26, 2011, Revised Selected Papers}, proceedings_a={ICGS3 \& E-DEMOCRACY}, year={2012}, month={10}, keywords={memory forensics order of volatility data recovery}, doi={10.1007/978-3-642-33448-1_3} }
- Stavroula Karayianni
Vasilios Katos
Year: 2012
Practical Password Harvesting from Volatile Memory
ICGS3 & E-DEMOCRACY
Springer
DOI: 10.1007/978-3-642-33448-1_3
Abstract
In this paper we challenge the widely accepted approach where a first responder does not capture the RAM of a computer system if found to be powered off at a crime scene. We investigate the presence of confidential data in RAM such as user passwords. Our findings show that even if the computer is switched off but not removed from the mains, the data are preserved. In fact, when a process is terminated but the computer is still operating, the respective data are more likely to be lost. Therefore capturing the memory could be as critical on a switched off system as on a running one.
Copyright © 2011–2024 ICST