
Dailydave mailing list archives
Re: Palladium, Memory Forensics, Clouds.
From: Dominique Brezinski <dominique.brezinski () gmail com>
Date: Wed, 27 May 2009 17:54:45 -0700
On Wed, May 27, 2009 at 10:33 AM, dave <dave () immunityinc com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Something Bill Arbaugh said is that one major advantage for memory forensics is that a machine has a lot less memory than it does disk space. Searching through disk space (or even storing it if you do enough forensics) is extremely expensive.

Been making the same statement for a decade ;) In production environments with high down-time costs and generally huge amounts of disk, some form of memory capture and analysis is really the only viable option for incident response or other forensic activities. The problem of locating the proverbial needle in the haystack is really not an issue, because looking at it one way or another that needle actually looks like a telephone pole in an empty, flat field. The problem and solution are context.

Dom
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave