Damir Paladin is an information security consultant. He is professionally engaged in information technology over 25 years, and in 1998th he started with his own company Borea, where he works today. His areas of expertise are computer forensics, audit and testing security of information systems. He owns professional certificates CISSP, CISA and CISM. He is a permanent court expert in IT. He cooperates with some of the most important Croatian companies and institutions providing professional services in the field of information security.
Working memory - a source of valuable forensic clues
This presentation is a sequel to the presentation given at the conference "DataFocus 2014". In this year's presentation, I will describe in more details the characteristics of the information contained in the working memory of a computer (also known as RAM or volatile memory) and discuss the importance of this information in forensic investigation. Special emphasis is put on the forensic data analysis from working memory containing traces of user activity, the context of their work, the presence of various software including malware... By using several typical examples, the presentation will show the tools by which the analysis of such data is carried out, as well as the method of conducting working memory forensic analysis, which will help emphasize the importance and professional need for forensic analysis of working memory.