Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: forensics Digest 17 Jun 2005 15:04:36 -0000 Issue 499

from [John Herron] Network Security [Permanent Link]
Subject: Re: forensics Digest 17 Jun 2005 15:04:36 -0000 Issue 499
Date: Thu, 23 Jun 2005 09:06:24 -0500 
I've always heard the same thing but have never verified it.  I heard it
a lot with virus writing techniques, but I'm not sure if it's because
they intercept the int call and do something special or not, but I used
to hear that viruses could survive a warm reboot.  The other place I
heard it was from some PC diagnostic software (Microscope) which said to
load an extended memory driver and then reboot with ctrl+alt+del and run
their program and the driver would still be in memory so they could
check your extended memory.

Unfortunatly I don't have a way to verify this.  I don't understand
protected mode well enough either but am curious if that makes any
difference or causes anything to be reset.

Atleast one thing is certain though, certain blocks of memory used
currently would still get overwritten if the operating system/BIOS puts
data there during the boot process.


tearsong <tearsong6@gmail.com> 6/22/2005 7:25:01 AM >>>

One thought, though: doesn't a reboot reset the RAM anyway?


i have heard (and i wouldnt, by any means, stake my life on this!)
that *only* a soft boot (reboot) will not completely clear the RAM... 
however a hard boot (shut down) will most definatly.  if anyone can
verify/deny this, i'd be grateful.

~tearsong
[More with this subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Tools accepted by the courts, Andre Protas
Next by Date:  RE: Identifying seed file IP address in Exeem, BT and KaZaA, Brian May
Previous by Thread:  Re: forensics Digest 17 Jun 2005 15:04:36 -0000 Issue 499, Valdis . Kletnieks
Indexes:  [Date] [Thread] [Top] [All Lists]