Software Engineering Institute | Carnegie Mellon University

Technical Note

Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis

Abstract

People responsible for computer security incident response and digital forensic examination need to continually update their skills, tools, and knowledge to keep pace with changing technology. No longer able to simply unplug a computer and evaluate it later, examiners must know how to capture an image of the running memory and perform volatile memory analysis using various tools, such as PsList, ListDLLs, Handle, Netstat, FPort, Userdump, Strings, and PSLoggedOn. This paper presents a live response scenario and compares various approaches and tools used to capture and analyze evidence from computer memory.

Cite This Report

SEI

Waits, Cal; Akinyele, Joseph; Nolan, Richard; & Rogers, Lawrence. Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis (CMU/SEI-2008-TN-017). Software Engineering Institute, Carnegie Mellon University, 2008. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8605

IEEE

Waits, Cal, Akinyele, Joseph, Nolan, Richard, and Rogers, Lawrence, "Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2008-TN-017, 2008. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8605

APA

Waits, Cal, Akinyele, Joseph, Nolan, Richard, & Rogers, Lawrence. (2008). Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis (CMU/SEI-2008-TN-017). Retrieved December 20, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8605

CHI

Cal Waits, Joseph Akinyele, Richard Nolan, & Lawrence Rogers. Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis (CMU/SEI-2008-TN-017). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2008. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8605

MLA

Waits, Cal, Akinyele, Joseph, Nolan, Richard, & Rogers, Lawrence. 2008. Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis (Technical Report CMU/SEI-2008-TN-017). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8605