Although FireWire-based memory acquisition has been known for several years, its methodology has not been discussed in detail and practical tools are still lacking. Besides, the existing method does not work stably across different versions of Windows. In this paper, we compare different memory acquisition methods and discuss their virtues and disadvantages. Then, the methodology of FireWire-based memory acquisition is discussed. Finally, we give a practical implementation of a FireWire-based acquisition tool that works well with different versions of Windows without causing BSoD problems.
Keywords: live forensics; memory acquisition; FireWire; memory analysis; Windows registry
张磊、王连海、张睿超、张淑慧、周洋
Shandong Provincial Key Laboratory of Computer Network, Jinan 250014, P.R. China