Physical Memory Forensics for Files and Cache

Physical memory forensics has gained a lot of traction over the past five or six years. While it will never eliminate the need for disk forensics, memory analysis has proven its efficacy during incident response and more traditional forensic investigations. Previously, memory forensics, although useful, focused on a process' address space in the form of Virtual Address Descriptors (VADs) but ignored other rich sources of information.

Provided by: SecurityTube.net Topic: Hardware Date Added: Mar 2012 Format: Podcast

Find By Topic