Forensic Analysis of Memory Resident Compressed Swap Stores

Submitted by Anonymous Coward
An anonymous reader writes "At the recent 2014 Digital Forensics Research Workshop (DFRWS), Dr. Golden G. Richard III and Andrew Case presented research that enabled forensic analysis of memory resident compressed swap stores. These stores, added in recent versions of Mac and Linux, use reserved pools of RAM in order to store compressed forms of pages that have been swapped out. Compressing and decompressing pages in memory is considerably faster than traditional algorithms that require reading and writing from disk.

Analysis of the stores in-memory allows for a forensics investigator to recover all pages that have been swapped without resorting to disk. This makes the forensics acquisition process much simpler than current methods that call for attempting to sample physical memory (RAM) and acquire the page file from disk simultaneously. In the paper, Dr. Richard and Case discuss the internals of these stores and demonstrate the types of data that can be recovered from them through memory forensics."
