State of the art concerning memory acquisition software – A detailed examination of DOS and non-Windows NT memory acquisition

PDF

Authors
  1. Carbone, R.
Corporate Authors
Defence R&D Canada - Valcartier, Valcartier QUE (CAN)
Abstract
This technical memorandum examines one specific software tool which can be used to carry out a forensic memory acquisition of DOS and Windows 9x systems. This work appears to be the first of its kind as no other comparable work can be found in the publicly available literature. Although DOS and Windows 9x systems are harder to come by today, this should not preclude that investigators may encounter them in the course of their work. By addressing the important issue of DOS and Windows 9x memory acquisition it will be possible for investigators to corroborate disk-based evidence when examining such systems used to commit illicit activities.

Il y a un résumé en français ici.

Report Number
DRDC-VALCARTIER-TM-2011-215 — Technical Memorandum
Date of publication
01 Oct 2011
Number of Pages
68
DSTKIM No
CA036007
CANDIS No
535373
Format(s):
Electronic Document(PDF)

Permanent link

Document 1 of 1

Date modified: