Greek researchers have found a security loophole within the way that computer memory functions and could be used to retrieve password and other data from it even when it is in standby mode.
The researchers warn that the security loophole could also be used by criminals to obtain personal information, however it could also be used by computer forensic experts and investigators to identify passwords.
It was found that when a computer is placed into low power mode, due to it having a constant flow of power, the RAM is not lost and any data present is retained until the computer is fully powered back on.
The RAM (Random Access Memory) is a fast type of storage that is used by the computer to hold data used by active applications. It is commonly referred to as volatile memory as it is lost if the computer is switched off and power to the device stopped.
The requirement to be able to secure, capture and analyse Random Access Memory has increased as applications that do not leave traces of activity on the computer hard drive have become more common and reduce the ability of identifying previous activity.
The RAM can also contain evidence of network access and passwords entered within account login and password fields that can be potentially used to provide a security loophole.
How the Security Loophole of RAM was Identified
The researchers found the security loophole when they tested their approach and found that after a computer had been switched off following access of Facebook, GoogleMail and Skype etc, they generated RAM dumps using recognised forensic applications and were able to reconstruct login details for services being used within Firefox, GoogleMail, Facebook, Hotmail and WinRar.
About Athena Forensics
For information on our digital forensic services or if you require any advice or assistance please contact a member of our team on 0845 882 7386 or via email on firstname.lastname@example.org, further details are available on our contact us page.
Our client’s confidentiality is of the utmost importance. All correspondence is treated with discretion, from initial contact to the conclusion of any computer forensics investigation.
Our digital forensics experts are fully aware of the significance and importance of the information that they encounter and we have been accredited to ISO 9001 for 10 years.
Our forensic experts are all security cleared and we offer non-disclosure agreements if required. Our premises along with our security procedures have been inspected and approved by law enforcement agencies.
Athena Forensics do not disclose personal information to other companies or suppliers.