
Practical Password Harvesting from Volatile Memory

  • Conference paper
Global Security, Safety and Sustainability & e-Democracy (e-Democracy 2011, ICGS3 2011)

Abstract

In this paper we challenge the widely accepted approach in which a first responder does not capture the RAM of a computer system that is found powered off at a crime scene. We investigate the presence of confidential data, such as user passwords, in RAM. Our findings show that even if the computer is switched off but not removed from the mains, the data are preserved. In fact, when a process is terminated but the computer is still operating, the respective data are more likely to be lost. Therefore, capturing the memory could be as critical on a switched-off system as on a running one.




Copyright information

© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Karayianni, S., Katos, V. (2012). Practical Password Harvesting from Volatile Memory. In: Georgiadis, C.K., Jahankhani, H., Pimenidis, E., Bashroush, R., Al-Nemrat, A. (eds) Global Security, Safety and Sustainability & e-Democracy. e-Democracy ICGS3 2011 2011. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 99. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33448-1_3


  • DOI: https://doi.org/10.1007/978-3-642-33448-1_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33447-4

  • Online ISBN: 978-3-642-33448-1

  • eBook Packages: Computer Science (R0)
