Plain text passwords:- a forensic RAM-raid

Research output: Contribution to journal › Article

Abstract

Despite many academic studies in the last 15 years acknowledging the investigative value of physical memory due to the potentially sensitive nature of the data it may contain, it arguably remains rarely collected at-scene in most criminal investigations. Whilst this may be due to factors such as first responders lacking the technical skills to do this task, or simply that it is overlooked as an evidence source, this work seeks to emphasise the worth of this task by demonstrating the ability to recover plain-text login credentials from it. Through an examination of logins made to 15 popular online services carried out via the Chrome, Edge and Mozilla Firefox browsers, testing shows that plain-text credentials are present in RAM in every case. Here, a transparent test methodology is defined and the results of test cases are presented along with ‘string markers’ which allow a practitioner to search their RAM captures for the presence of unknown credential information for these services in future cases.
Original language: English
Journal: Science and Justice - Journal of the Forensic Science Society
Publication status: Published - 10 Jul 2020
