Data acquisition from volatile memory a memory acquisition tool for Microsoft Windows Vista

• Main Author: Cheong, Choong Wee Vincent
• Other Authors: Vidas, Timothy M.
• Published: Monterey, California. Naval Postgraduate School 2012
• Online Access: http://hdl.handle.net/10945/3795

The focus of this research is on extracting data from the volatile random access memory (RAM) on a personal computer running Microsoft's Windows Vista operating system, while minimally affecting the existing data. The projected work includes the development of a kernel-mode device driver with the capabilities on one or more versions of Microsoft Windows Vista, a user-mode application that interacts with the driver, usage documentation and outcome of the research. The main objectives of the research is to show the possibility of extracting information from the random access memory using a user mode application (with a suitable driver already installed) and to document the process of Window Vista driver development, so that future works in this area can benefit by putting more effort into specific research rather than configuring a development environment.