
Computer Evidence: Collection and Preservation, Second Edition by Christopher L. T. Brown


Traditional Incident Response of Live Systems

Beyond the useful information contained in raw memory, discussed in the previous section, a great deal of other useful information is available. Computer forensics investigators realized early on that more important information was held in volatile memory, and that only the running operating system held the key to it. This information, from applications and the operating system itself, includes logged-on users, running processes, and network endpoints, if any. As described earlier, the running operating system manages the swapping of information fragments through physical and logical memory locations. After the operating system is no longer running, reassembling this type of information can require heroic ...
