The acquisition of volatile memory from a compromised computer is difficult to perform reliably because the acquisition procedure should not rely on untrusted code, such as the operating system or applications executing on top of it. In this paper, we present a procedure for acquiring volatile memory using a hardware expansion card that can copy memory to… (More)
Want to know how something works? Tear it apart. Along the way, you might learn to improve it or make it do something it was never intended to do.