RAM data significance in digital forensics

摘要

In present modern times when operating systems require larger amounts of RAM or Random Access Memory, we usually come across computers with 4 GB RAM, but given the price drops, it is quite usual to come across computers with 64 GB of RAM as well. By imaging this part of computer memory and by performing forensics analysis of the data located in RAM, it can be easily concluded that performing RAM imagining and analysis should be one of the essential steps in any forensic investigation. This paper will give a short introduction to digital forensics and the role of live data forensics. Furthermore, the mail goal will be to show and explain the importance of forensics of live machines and artefacts which can be found as well as methods and tools which are used for extracting and analyzing data from RAM. In addition, it will be shown that sometimes in forensic investigations, data contained in RAM can contain enough evidence to solve the whole case and actually be everything a digital forensics investigator really need.