Sometimes in computer forensics you will come across an issue where you may need to interact with the RAM within a computer. This example does not take the efforts into discussing an attack and the steps that you need to set up, but rather, it discusses tracking an event in memory. This is normally seen when a service, or application has been attacked. Once an exploit has been executed against the system, and if the attack is happening when the investigator is present – a forensic examiner may take the following steps as a sort of outline to assist.

Register to read more …