What is volatile data...

Two basic types of data are collected in computer forensics. Persistent data is data that is stored on a local hard drive (or another medium) and is preserved when the computer is turned off. Volatile data is any data that is stored in memory, or exists in transit, that will be lost when the computer loses power or is turned off. Volatile data resides in registries, cache, and random access memory (RAM). The investigation of this volatile data is called “live forensics”.

It is essential to the forensic investigation that the immediate state of a computer is recorded before shutting it down. Volatile information is lost once the suspect's computer is powered down, and this information may be crucial to the claim. Even if it is not crucial, it may well guide an investigator in the early stages and lay the foundations for the analysis.

When collecting data for a computer forensic investigation, collect the most volatile data first, as it will be lost the quickest. On a mobile device, keep the device continuously charged to avoid losing volatile memory. A computer system loses volatile memory when it is powered down, so the only way to safeguard this evidence is to leave the system powered up until a forensics expert can salvage the memory.

Sometimes cache, which will contain web-mail (e.g. Hotmail, as opposed to email clients such as Outlook), MSN chat, etc., can be recovered for a forensic examination after the browser is shut down, but there is only a small window of opportunity and it is by no means guaranteed that this is recoverable. More often than not it will depend on the settings.
What is volatile data? Data on a live system that is lost after a computer is powered down.
Is an example of volatile data? RAM (Random Access Memory) is an example of volatile memory.
Which of the following uses microchips that retain data in nonvolatile memory chips and contains no moving parts? Solid state drives (“SSD”)
These drives perform the same function, but are physically different from hard disk drives. As the name suggests, they are based on solid state storage and use microchips which retain data in non-volatile memory chips and contain no moving parts.
What is the definition of hash? A hash is simply a number created by applying the algorithm to a file or message at different times. The hashes are compared to each other to verify that integrity has been maintained.