12 MEMORY FORENSICS
Virtualisation, smart malware, ephemeral containers, full-disk encryption – just some of the reasons that being able to navigate acquired memory images has become such an important skill for digital forensic investigators and incident responders alike. An incident can occur completely within the confines of volatile memory. Like the mythical bullet made of ice, the suspect intends volatile evidence to simply melt away without a trace once a victim has been claimed.
Unlike analysis of persistent file systems on hard disks and other archival media, the nature of volatile memory means that its contents are less structured. If looking for digital evidence on a hard disk is like looking for a needle in a haystack with the help ...
Get Hands-on Incident Response and Digital Forensics now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
