Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: forensics Digest 17 Jun 2005 15:04:36 -0000 Issue 499

from [George M. Garner Jr.] Network Security [Permanent Link]
Subject: RE: forensics Digest 17 Jun 2005 15:04:36 -0000 Issue 499
Date: Sat, 25 Jun 2005 14:52:16 -0400 
Vladis,

Farmer and Venema address this question in their book (Forensic Discovery,
p. 182).  The long and short of it is that it all depends.  Modern Intel
CPU's tend to have bios settings that clear main memory on restart, but
there are exceptions.  Sun SPARC's and Apple G4's typically do not clear
main memory.

So, to answer the question you really have to test with the specific
hardware in question.

Regards,

George.

-----Original Message-----
From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu] 
Sent: Wednesday, June 22, 2005 5:12 PM
To: tearsong
Cc: forensics@securityfocus.com
Subject: Re: forensics Digest 17 Jun 2005 15:04:36 -0000 Issue 499 

Way back when, some friends of mine were doing research on RAM chips(*), and
we
found out the hard way that at least for some technologies, the state of a
given cell after a power cycle could be dependent on its state before power
cycling happened.  Took quite a while to debug that one - we'd made the rash
assumption that a RAM memory chip started out as either all-zeros or
all-ones,
depending how the cells were tied.  Peter Gutmann also mentions it in
sections
7 and 8 of his paper
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

(*) J. Bisgrove, J. Lynch, P. McNulty, W. Abdel-Kader, V. Kletnieks,
W. Kolasinski: "Comparison of soft errors induced by heavy ions and
protons". IEEE Transactions on Nuclear Science, Vol NS-33, No. 6,
p. 1571 (6 Dec 1986)
[More with this subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Tools accepted by the courts, Evidence Technology
Next by Date:  Re: Tools accepted by the courts, Jack Seward
Previous by Thread:  Re: forensics Digest 17 Jun 2005 15:04:36 -0000 Issue 499, Valdis . Kletnieks
Next by Thread:  Re: forensics Digest 17 Jun 2005 15:04:36 -0000 Issue 499, Valdis . Kletnieks
Indexes:  [Date] [Thread] [Top] [All Lists]