Computer Memory Basics

Article detailing an overview of typical Windows computer memory (RAM) contents.
© PA Knowledge Ltd | 7Safe Training

The computer memory, commonly referred to as RAM, stores all the information relating to the functionality of the computer. It is a temporary storage area which holds data for processing. Data stored in memory includes:

• Processes

• Services

• System/user opened files

• Loaded Dynamic Link Libraries

• Open Registry keys

• Usernames and passwords

• Unpacked/decrypted data or applications

• Content of open windows

• Network related activity

• NTFS metadata files

• Memory resident malware

Note that the above list is not exhaustive.

It can be seen that there is a lot of potential information held in memory that may be of interest to the malware investigator.

It is also worth noting that examination of computer memory may be limited by the tools used; however, this can be mitigated by making a copy of the computer memory for analysis. This copy is commonly referred to as a ‘RAM Dump’.
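As an added illustration (not part of the original article or course material), the Python sketch below shows why a RAM dump is useful for static analysis: it pulls printable ASCII and UTF-16LE strings out of a raw byte image and sorts them into three of the artifact types listed above. The category patterns, the `SAMPLE` bytes and all function names are assumptions made for this example.

```python
import re

MIN_LEN = 6  # shorter printable runs are mostly noise

# Printable runs stored as single-byte ASCII, and as UTF-16LE (each character
# followed by a zero byte), which Windows uses for many in-memory strings.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Assumed, illustrative patterns for three artifact types from the list above.
CATEGORIES = {
    "dll": re.compile(r"(?i)^[\w .:\\-]+\.dll$"),
    "registry": re.compile(r"(?i)^(HKEY_[A-Z_]+|\\REGISTRY\\(MACHINE|USER))\\"),
    "url": re.compile(r"(?i)^https?://\S+$"),
}

# Constructed bytes standing in for a fragment of a RAM dump.
SAMPLE = (
    b"\x00\x13\xff" + "C:\\Windows\\System32\\kernel32.dll".encode("utf-16le")
    + b"\x00\x00\x9c\x01" + b"http://example.test/update.bin"
    + b"\x00\xfe" + "\\REGISTRY\\MACHINE\\SOFTWARE\\Example".encode("utf-16le")
    + b"\x00\x00\x07"
)


def extract_strings(image: bytes):
    """Yield (offset, encoding, text) for every printable run in the image."""
    for m in ASCII_RUN.finditer(image):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(image):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")


def triage(image: bytes):
    """Group extracted strings by the artifact category they match."""
    hits = {name: [] for name in CATEGORIES}
    for offset, encoding, text in extract_strings(image):
        text = text.strip()
        for name, pattern in CATEGORIES.items():
            if pattern.search(text):
                hits[name].append((offset, encoding, text))
    return hits


if __name__ == "__main__":
    for category, found in triage(SAMPLE).items():
        for offset, encoding, text in found:
            print(f"{category:9} 0x{offset:06x} {encoding:9} {text}")
```

This is string-level triage only; it does not reconstruct processes or other operating system structures from the image.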

We will take a closer look at running processes in the next section, together with how to create a copy of the computer memory and the basics of static RAM analysis.

Additional information…

Any examination of a live computer may also be potentially hampered by any malware running in the system. Analysis of a RAM dump will of course negate this.

This article is from the free online course Introduction to Digital Forensics: Malware Analysis and Investigations.

Created by FutureLearn
