Volatile Memory Collection and Analysis for Windows Mission-Critical Computer Systems

Antonio Savoldi, Paolo Gubian
ISBN13: 9781609605155|ISBN10: 1609605152|EISBN13: 9781609605162
DOI: 10.4018/978-1-60960-515-5.ch003

MLA

Savoldi, Antonio, and Paolo Gubian. "Volatile Memory Collection and Analysis for Windows Mission-Critical Computer Systems." New Technologies for Digital Crime and Forensics: Devices, Applications, and Software, edited by Chang-Tsun Li and Anthony T. S. Ho, IGI Global, 2011, pp. 42-59. https://doi.org/10.4018/978-1-60960-515-5.ch003

APA

Savoldi, A. & Gubian, P. (2011). Volatile Memory Collection and Analysis for Windows Mission-Critical Computer Systems. In C. Li & A. Ho (Eds.), New Technologies for Digital Crime and Forensics: Devices, Applications, and Software (pp. 42-59). IGI Global. https://doi.org/10.4018/978-1-60960-515-5.ch003

Chicago

Savoldi, Antonio, and Paolo Gubian. "Volatile Memory Collection and Analysis for Windows Mission-Critical Computer Systems." In New Technologies for Digital Crime and Forensics: Devices, Applications, and Software, edited by Chang-Tsun Li and Anthony T. S. Ho, 42-59. Hershey, PA: IGI Global, 2011. https://doi.org/10.4018/978-1-60960-515-5.ch003

Abstract

Most enterprises depend on the continuity of service provided by their computer system infrastructure, which is frequently built on the Windows family of operating systems. For this category of systems, which may be called mission-critical because of the importance of the service they supply, it is essential to define which approach is best suited when a digital investigation has to be performed. That is precisely the goal of this paper: to define a forensically sound methodology for collecting the full state of the machine under investigation without interrupting its service. The paper explains why a complete dump of volatile memory, together with a necessary extension that current tools still lack, is required in order to gather substantially more evidential data, and at the same time illustrates the limitations and disadvantages of current state-of-the-art approaches to the collection phase.
