Data Acquisition from Volatile Memory: A Memory Acquisition Tool for Microsoft Windows Vista

Abstract

The focus of this research is on extracting data from the volatile random access memory (RAM) of a personal computer running Microsoft's Windows Vista operating system, while minimally affecting the existing data. The projected work includes the development of a kernel-mode device driver with these capabilities on one or more versions of Microsoft Windows Vista, a user-mode application that interacts with the driver, usage documentation, and the outcome of the research. The main objectives of the research are to show the possibility of extracting information from random access memory using a user-mode application (with a suitable driver already installed) and to document the process of Windows Vista driver development, so that future work in this area can benefit by putting more effort into specific research rather than into configuring a development environment.

Document Details

Document Type: Technical Report
Publication Date: Dec 01, 2008
Accession Number: ADA494118

Entities

People

  • Cheong C. W. Vincent

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Advanced Electronics
  • Cyber

DTIC Thesaurus Topics

  • Acquisition
  • Commerce
  • Computer Program Documentation
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Control Panels
  • Data Acquisition
  • Debugging
  • Device Drivers
  • Environment
  • Graphical User Interface
  • Operating Systems
  • Procurement
  • Standards
  • Test Methods

Fields of Study

  • Computer science

Readers

  • Brain and Cognitive Science; Experimental Psychology; Cognitive Neuroscience
  • Data Mining and Knowledge Discovery
  • Database Systems and Applications