
Submission: Forensic Analysis of Memory Resident Compressed Swap Stores (blogspot.com)

An anonymous reader writes: At the recent 2014 Digital Forensics Research Workshop (DFRWS), Dr. Golden G. Richard III and Andrew Case presented research that enabled forensic analysis of memory resident compressed swap stores. These stores, added in recent versions of Mac and Linux, use reserved pools of RAM in order to store compressed forms of pages that have been swapped out. Compressing and decompressing pages in memory is considerably faster than traditional algorithms that require reading and writing from disk.

Analysis of the stores in-memory allows for a forensics investigator to recover all pages that have been swapped without resorting to disk. This makes the forensics acquisition process much simpler than current methods that call for attempting to sample physical memory (RAM) and acquire the page file from disk simultaneously. In the paper, Dr. Richard and Case discuss the internals of these stores and demonstrate the types of data that can be recovered from them through memory forensics.
