Tuesday, 19 May 2015 00:00

Password harvesting from the memory of a switched off computer

Rate this item
(0 votes)

Forensic experts from the Information Security and Incident Response Unit in the Thracian University, in cooperation with a colleague from the Department of Applied Informatics at the University of Macedonia in Thessaloniki, have published an interesting scientific paper, which shows the possibility of retrieving information from the RW memory of a personal computer if it is switched off but not removed from the mains.

The authors point out that the data recovery from RAM is often used in modern forensic science, because fragments of registry, encryption keys and other valuable information can be found in RAM, but experts are working only with the turned on computer. However, it is necessary to copy RAM when sealing up both switched on and off computers, the researchers believe. Sealing up RAM for further data recovery can be done by freeze.

The reason is that, due to design constraints of modern RAM memory modules, the data bits can be recovered within a few minutes after switching off the computer.

It is interesting that RAM data is harder to recover if the computer is left on and keeps working. In this case the critical RAM areas can be overwritten with new data, and then the required information will more likely be lost. Therefore forfeit computer must not be load until memory is copied. You have to use a specially prepared liveCD for that.

Using this method, the researchers tested whether it is possible to recovery passwords for Facebook, Skype, Gmail and MSN from the memory of a switched off computer, provided that the computer is switched off immediately after the close of the program, in 5 minutes, 15 minutes and 60 minutes. The results are shown in the diagram.


Click here to learn more abolut our Texas State data recovery centers

Last modified on Tuesday, 19 May 2015 20:23
Data Recovery Expert

Viktor S., Ph.D. (Electrical/Computer Engineering), was hired by DataRecoup, the international data recovery corporation, in 2012. Promoted to Engineering Senior Manager in 2010 and then to his current position, as C.I.O. of DataRecoup, in 2014. Responsible for the management of critical, high-priority RAID data recovery cases and the application of his expert, comprehensive knowledge in database data retrieval. He is also responsible for planning and implementing SEO/SEM and other internet-based marketing strategies. Currently, Viktor S., Ph.D., is focusing on the further development and expansion of DataRecoup’s major internet marketing campaign for their already successful proprietary software application “Data Recovery for Windows” (an application which he developed).

Leave a comment

Make sure you enter the (*) required information where indicated. HTML code is not allowed.