PAPERS
THE SIXTH INTERNATIONAL CONFERENCE ON FORENSIC COMPUTER SCIENCE
Print ISBN 978-85-65069-07-6 - Online ISBN 978-85-65069-05-2, pp 161-165
DOI: 10.5769/C2011018 and http://dx.doi.org/10.5769/C2011018
Uma Nova Abordagem em Apreensão de Computadores
By Pedro Auler, Laerte Peotta de Melo, Flávio Elias Gomes de Deus e Rafael Timóteo de Sousa Jr.
To download this paper, click here.
Print ISBN 978-85-65069-07-6 - Online ISBN 978-85-65069-05-2, pp 161-165
DOI: 10.5769/C2011018 and http://dx.doi.org/10.5769/C2011018
Uma Nova Abordagem em Apreensão de Computadores
By Pedro Auler, Laerte Peotta de Melo, Flávio Elias Gomes de Deus e Rafael Timóteo de Sousa Jr.
To download this paper, click here.
ABSTRACT
Since the popularization of data encryption techniques, use of virtual machines and cloud computing, the practice of turning computers off and seize them for later dead analysis in laboratory, common until recently, has become quite reckless. Volatile data present on running computers or otherwise data protected through user passwords, may contain essential data to the investigated case elucidation, that will be lost in case of system shutdown. The modern recommendation in cases of computers search and seizure is to extract volatile data and to make a logical acquisition from password protected areas that are visible while the computer is still running, before shutting down the system and performing the traditional seizure.
KEYWORDS
Seizure, forensic, volatile, investigation, capture.
Since the popularization of data encryption techniques, use of virtual machines and cloud computing, the practice of turning computers off and seize them for later dead analysis in laboratory, common until recently, has become quite reckless. Volatile data present on running computers or otherwise data protected through user passwords, may contain essential data to the investigated case elucidation, that will be lost in case of system shutdown. The modern recommendation in cases of computers search and seizure is to extract volatile data and to make a logical acquisition from password protected areas that are visible while the computer is still running, before shutting down the system and performing the traditional seizure.
KEYWORDS
Seizure, forensic, volatile, investigation, capture.
To return to the "Published Papers" main page, click here.