Post-Mortem RAM Forensics - CanSecWest
13.09.2013 Views
Share Embed Flag

Post-Mortem RAM Forensics - CanSecWest

Post-Mortem RAM Forensics - CanSecWest

Post-Mortem RAM Forensics - CanSecWest

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
cansecwest.com

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

<strong>CanSecWest</strong>2007<br />

32<br />

PoC: Demo<br />

• Images created from cleanly installed<br />

OSes<br />

– Only video/network drivers<br />

• IBM MPro machine(s) with 512 MB <strong>RAM</strong><br />

(turned off for 15 minutes)<br />

• Helix 1.7 CD inserted and physical<br />

memory is imaged (if possible)<br />

• Registry keys created to set crashdump to<br />

‘on’ and ‘full’<br />

• Nonmyfault.exe used to forced system<br />

crash and thus a crash-dump style image<br />

• Considering posting test images publicly…<br />

VIDAS

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!