Discuss how you believe that RAM analysis will be integral
Digital devices are not the only place digital data can be stored, as cloud-based solutions are taking over from traditional data storage devices.
Discuss how you believe that RAM analysis will be integral in investigations and why.
Also discuss two things that you believe will be important for the investigator to consider and why, and two things that you believe that they will not need to consider and why.
Please provide 3 sources.
More Details:
Historically, criminal or corporate investigations involving computer equipment began by
immediately disconnecting any compromised machines from the network, powering
them down, and securing them in a proper environment where they would be imaged
and analyzed.
The rationale for this approach as the first step in the response process originates in the idea of preserving the state of the hard disk at the time of response at all costs.
Thus, the thought was that if the system was allowed to continue running, valuable evidence may be inadvertently or intentionally overwritten.
This investigative model worked very well for several years, but times have changed.
Knowing that an investigator’s first action would be to “pull-the-plug” on a compromised
system before performing any analysis, malware authors began reducing their footprint
on the victim’s hard disk and instead storing as much as possible within the machine’s volatile Random Access Memory (RAM).
Since the contents of RAM are cleared when the computer is powered down, once the investigator “pulls the plug,” all traces of potential malicious code, including its capabilities, any commands given to it by the attacker, and data it may have exfiltrated from your network, have vanished.