The method of collecting passwords from the memory of a turned off computer is described.

[Витаутас. Частный детектив г. Вильнюс. Литва]

The method of collecting passwords from the memory of a turned off computer is described.
08/14/2012 |

Forensic experts from the Information Security and Incident Response Unit at the University of Thracian, together with a colleague from the Faculty of Applied Informatics at the University of Thessaloniki, published an interesting scientific paper (pdf) that shows the possibility of extracting information from the operational memory of a personal computer, if it was turned off, but not disconnected from the power supply network.

The authors of the work emphasize that the recovery of information from RAM is often used in modern forensics, because in RAM you can find registry fragments, encryption keys and other valuable data, but experts only work with the computer turned on. However, it is necessary to carry out the procedure for copying RAM when sealing not only turned on computers, but also turned off, according to the authors of the scientific work. Sealing RAM for further data recovery can be done by freezing.

The reason is that due to the design limitations of modern RAM memory modules, data bits can be restored within a few minutes after turning off the computer.

Interestingly, information from RAM is more difficult to recover if the computer remains turned on and continues to work. In this case, important sections of RAM can be overwritten with new data, and then the desired information will be lost with a greater degree of probability. Therefore, a confiscated computer cannot be loaded until the memory is copied. For this you need to use a specially prepared liveCD.

Using the described method, the researchers checked the likelihood of recovering passwords from Facebook, Skype, Gmail, and MSN from the memory of a computer that was turned off, provided that the computer turned off immediately after closing the program, after 5 minutes, after 15 minutes, and after 60 minutes. The results of the experiment are shown in the diagram.

https://www.bezpeka.com/en/news/2012/08/ ... sting.html (from here you can download and the work itself is true in English)

 

[Матушкин Андрей Николаевич]

Thank Vytautas
Very interesting.

 

[Детективное агентство ИКС-Инфо.]

 

[Растаман]

Thank!

 

[Частный детектив. Тайный советник. Омск.]

Vytautas, thanks for the interesting stuff

 

[@InfoPoisk]

Thank.

 

[D-Mass]

Thank.

 

[Патрушев Михаил Владимирович]

Interesting work. Thank you!

 

[Игорь Эдуардович]

Thank you, I read it with interest.

 

[Краев Евгений Леонидович]

Thanks, interesting!