Thursday, November 1, 2012

Volatile Sources of Forensic Evidence on Windows-based Systems

When collecting evidence you should proceed from the volatile to the less volatile. Here is an example order of volatility for a typical system, as given in RFC 3227:

- registers, cache
- routing table, ARP cache, process table, kernel statistics, memory
- temporary file systems
- disk
- remote logging and monitoring data that is relevant to the system in question
- physical configuration, network topology
- archival media


http://www.faqs.org/rfcs/rfc3227.html
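The following is an added example, not part of the original post: a PowerShell collection script that acquires the live, volatile artifacts from the top of that list (ARP cache, routing table, network connections, process table, kernel and memory statistics, temporary files) on a Windows host in most-volatile-first order, writing each artifact to its own file and hashing it at once. The evidence path and case identifier are placeholders; run it from an elevated PowerShell.

```powershell
# Added example: ordered volatile-data collection on Windows (most volatile first).
# Assumptions: $OutDir points at your evidence volume (placeholder below), and the
# session is elevated so Win32_Process exposes command lines for every process.
$Case   = "CASE-PLACEHOLDER"
$OutDir = Join-Path "E:\evidence" ("$Case-" + (Get-Date -Format "yyyyMMdd-HHmmss"))
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Collection steps in order of volatility. Each entry is a label plus a scriptblock.
$Steps = @(
    @{ Name = "01-time";         Cmd = { Get-Date -Format o; (Get-TimeZone).Id } },
    @{ Name = "02-arp-cache";    Cmd = { arp -a } },
    @{ Name = "03-routes";       Cmd = { route print } },
    @{ Name = "04-connections";  Cmd = { netstat -ano } },
    @{ Name = "05-processes";    Cmd = { Get-CimInstance Win32_Process |
                                         Select-Object ProcessId, ParentProcessId, Name, CommandLine |
                                         Format-Table -AutoSize -Wrap } },
    @{ Name = "06-kernel-stats"; Cmd = { Get-CimInstance Win32_OperatingSystem |
                                         Select-Object LastBootUpTime, FreePhysicalMemory,
                                                       TotalVisibleMemorySize | Format-List } },
    @{ Name = "07-temp-files";   Cmd = { Get-ChildItem -Force -Recurse $env:TEMP -ErrorAction SilentlyContinue |
                                         Select-Object FullName, Length, LastWriteTime |
                                         Format-Table -AutoSize } }
)

# One log line per step: start time, step name, status and the SHA-256 of the artifact,
# so later handling of each file can be checked against the value recorded at capture.
$Log = Join-Path $OutDir "collection-log.txt"
foreach ($s in $Steps) {
    $file  = Join-Path $OutDir ("$($s.Name).txt")
    $start = Get-Date -Format o
    try {
        & $s.Cmd 2>&1 | Out-String -Width 4096 | Set-Content -Path $file -Encoding UTF8
        $status = "ok"
    } catch {
        $status = "error: $($_.Exception.Message)"
    }
    $hash = (Get-FileHash -Algorithm SHA256 -Path $file -ErrorAction SilentlyContinue).Hash
    "$start`t$($s.Name)`t$status`tSHA256=$hash" | Add-Content -Path $Log
}
```

A full physical-memory image requires a dedicated acquisition tool and belongs between the live steps above and any disk imaging; the script itself changes the state of the system it examines (new process, new files in $OutDir), which is why the collection log records exactly when each step ran.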
