Data Structure
Networking
RDBMS
Operating System
Java
MS Excel
iOS
HTML
CSS
Android
Python
C Programming
C++
C#
MongoDB
MySQL
Javascript
PHP
Physics
Chemistry
Biology
Mathematics
English
Economics
Psychology
Social Studies
Fashion Studies
Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
Volatile data Collection from Window System
Volatile data is not permanent data and this data can be lost when a computer loses its power connection or is switched off. It is usually stored in cache memory or RAM.
Random access memory(RAM) is volatile memory used to hold instructions and data of currently running programs. This memory loses integrity after loss of power.
Volatile memory is also referred to as temporary memory. It is the memory hardware that fetches or stores data at a high speed. RAM and cache memory are some common examples of volatile memory.
Volatile information can be collected remotely or onsite. If there are many numbers of systems to be collected then remotely is preferred rather than onsite.
It fetches/stores the data fast and it is economical. Volatile memory generally has less storage capacity and volatile memory processes can read and write.
Types
There are two types of volatile RAM: dynamic and static. Even though both types need continuous electrical current to retain data.
DRAM
Dynamic RAM is very popular due to its cost effectiveness. DRAM stores each bit of information in a different capacitor within the integrated circuit. DRAM chips need just one single capacitor and one transistor to store each bit of information. This makes it space-efficient and inexpensive.
SRAM
Static RAM does not need continuous electrical refreshes, but it still requires constant current to sustain the difference in voltage. Every single bit in a static RAM chip needs a cell of six transistors. SRAM is commonly used as CPU cache and for processor registers and in networking devices.
Live Forensics
In the Live forensics data should be collected quickly as soon as possible because volatile data may contain crucial information. It is extremely useful when dealing with active network intrusions. This process is usually performed by forensic analysts. Live forensics enables the imaging of RAM, bypasses most hard drives and software encryptions which determine the cause of abnormal traffic. Live forensics allows an organization to actively monitor, gather, analyze, and act on information in real time. Live forensic is an effective tool against crimes like fraud, money laundering and larceny.
In “Live Forensics” this may include several steps they are −
Firstly create a response tool kit.
After that storing in this information which is obtained during initial response.
And then obtain volatile data.
Then after that performing in an in-depth live response.
Example − The malware resides only in memory then live forensics is a good chance, in some cases the only way to capture and analyze the malware. In the live forensics method in addition to disk and memory evidence, a forensic analysis can also capture live-network from data sent over the compromised VM network interfaces. Some of the benefits of collecting live networks are reconstruction and visualizing traffic flow in real time, in particular during active network instructions or attacks.
Conclusion
Volatile data is the data that is usually stored in cache memory or RAM. This volatile data is not permanent, this is temporary and can be lost if the computer loses its connection.
1K+ Views
