Computer Evidence: Collection and Preservation, Second Edition by Christopher L. T. Brown

Summary

  • Today’s investigators are beginning to broaden their focus to include both static and volatile disk data because together they can help tell a complete story.

  • In computer forensics, when most people refer to volatile data in computer systems, they mean only the information or data contained in active physical memory, such as RAM (random access memory), rather than volatile disk data.

  • As most computer forensics investigators know, even the most secure facility can be compromised, and a compromise often affects volatile memory and leaves traces in it.

  • The latest and perhaps most effective way for hackers to hide is by using a kernel-mode rootkit (or kernel-mode Trojan).

  • The second generation of Windows rootkits that affect volatile ...
