Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis

Abstract

People responsible for computer security incident response and digital forensic examination need to continually update their skills, tools, and knowledge to keep pace with changing technology. No longer able to simply unplug a computer and evaluate it later, examiners must know how to capture an image of the running memory and perform volatile memory analysis using various tools, such as PsList, ListDLLs, Handle, Netstat, FPort, Userdump, Strings, and PSLoggedOn. This paper presents a live response scenario and compares various approaches and tools used to capture and analyze evidence from computer memory.

Cite This Report

SEI

Waits, Cal; Akinyele, Joseph; Nolan, Richard; & Rogers, Lawrence. Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis (CMU/SEI-2008-TN-017). Software Engineering Institute, Carnegie Mellon University, 2008. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8605

IEEE

C. Waits, J. Akinyele, R. Nolan, and L. Rogers, "Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2008-TN-017, 2008. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8605

APA

Waits, C., Akinyele, J., Nolan, R., & Rogers, L. (2008). Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis (CMU/SEI-2008-TN-017). Retrieved October 20, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8605

CHI

Cal Waits, Joseph Akinyele, Richard Nolan, and Lawrence Rogers. Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis (CMU/SEI-2008-TN-017). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2008. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8605

MLA

Waits, Cal, Joseph Akinyele, Richard Nolan, and Lawrence Rogers. Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis (Technical Note CMU/SEI-2008-TN-017). Pittsburgh: Software Engineering Institute, Carnegie Mellon University, 2008. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8605