Date of Award
7-1-2006
Document Type
Thesis
Degree Name
Master of Computer and Information Science (MCIS)
Department
Computer Science
First Advisor
Dr. Kenneth Dick
Abstract
The advent of more witted threats against typical computer systems demonstrates a need for forensic analysis of memory-resident data in addition to the conventional static analysis common today. Some tools are starting to become available to duplicate various types of volatile data stores. Once the data store has been duplicated, current forensic procedures have no vector for extrapolating further information from the duplicate. This thesis is focused on providing the groundwork for performing forensic investigations on the data that is typically stored in a volatile data store, such as system RAM, while creating as small an impact as possible to the state of a system. It is intended that this thesis will give insight to obtaining more post incident response information along with a smaller impact to potential evidence when compared to typical incident response procedures.
Recommended Citation
Vidas, Timothy, "Acquisition and Forensic Analysis of Volatile Data Stores" (2006). Student Work. 2167.
https://digitalcommons.unomaha.edu/studentwork/2167
Comments
A Thesis Presented to the Department of Computer Science and the Faculty of the Graduate College University of Nebraska In partial fulfillment of the Requirements for the Degree Master of Computer Science. Copyright Timothy Vidas July, 2006