This article presents a comparative, objective analysis of the impact that running several RAM capture tools has on the system. Because RAM changes constantly, it must be emphasized that any action carried out on the system under analysis will modify its contents. RAM must be acquired and analyzed because the data it holds, which may belong to the system itself or to any other device connected to it, can survive in it for a certain amount of time. In this sense, RAM constitutes the most important element to capture, given its extreme volatility. Evidence must be captured according to its order of volatility. When responding to a security incident on a system, several basic principles must be followed regarding the collection of evidence from the system.