When acting on a security incident of any kind, document RFC 3227 Accepted: 23/09/20 - Published: 04/10/20Ĭorresponding author 1 Email: Linkedin: Widely used tools, how the choice of tools could impact on the final outcomeĭigital Forensics, Incident Response, RAM Memory, Windows, Impact of tools.
This article shows, with some of the most.Order to try to obtain as much information as possible, while maintaining the The analyst must be aware of the alternativesĪnd tools available, and be aware of the impact these tools have on RAM, in.Therefore, by definition, the tool that has the least RAM is very volatile and the tool used will.Operating system and the best performance/impact ratio. The tool chosen will depend on the victim's.The acquisition of RAM is the first action to.
This comparative studyĭetails both the private shared workspaces, for each of the processes executed by each of the tools used. Some tools for the capture of RAM has on the system. Objective analysis has been carried out, showing the impact that the execution of RAM is a constantly changing element, it must be standed out that any actionĬarried on the system under analysis will modify the contents of the RAM. Other device connected to it, can survive a certain amount of time in it. RAM memory must be acquired and analysedīecause the data it holds, which may belong to the system itself or to any In this sense, RAM memory constitute the most important element toĬapture, given its extreme volatility. The capture of these evidences has to be done according to its order of Principles must be followed regarding the collection of evidences of the When responding to a security incident in a system, a number of basic