Recovering Digital Evidence in a Cloud Computing Paradigm
12.07.2013 Views
Share Embed Flag

Recovering Digital Evidence in a Cloud Computing Paradigm

Recovering Digital Evidence in a Cloud Computing Paradigm

Recovering Digital Evidence in a Cloud Computing Paradigm

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
computer.forensics.sans.org

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

Where To F<strong>in</strong>d The <strong>Evidence</strong><br />

• Hiberfil.sys<br />

– Conta<strong>in</strong>s complete image of RAM and system state<br />

to be used to restore system from hibernation<br />

– Artifacts from a historic po<strong>in</strong>t <strong>in</strong> time (the last time<br />

the system was hibernated)<br />

– Similar to the user mak<strong>in</strong>g a RAM capture for you<br />

– Compressed data <strong>in</strong> “Xpress” blocks<br />

– Tools to decompress: hibr2dmp from Matthiu Suiche,<br />

Simon Key’s Enscript, Internet <strong>Evidence</strong> F<strong>in</strong>der<br />

(decompresses on the fly)

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!