This topic contains 1 reply, has 2 voices, and was last updated by SweeTLemonS_TPR 2 weeks, 4 days ago.
- April 22, 2021 at 1:57 pm #386024
If you were to take an image of a machine including the RAM does it have the credentials you can use to later log into the machine.
When I had my IT forensics course, nothing like that was ever mentioned. However, while studying for CompTIA Security+ it mentioned something along those lines while covering network security.
Am I misunderstanding what was being referred to? (I am asking, because I can’t find that part now)
- April 22, 2021 at 1:57 pm #386026
Although this has already been answered by another user, but for additional context, do look at Heartbleed bug of OpenSSL. The entire vulnerability was based upon acquisition of data from the RAM (via buffer overread) without any trace. And the bug is pretty easy to understand too.
- April 22, 2021 at 1:57 pm #386027
Yes. At some point it has to match what you originally set.
- April 22, 2021 at 1:57 pm #386025
From the sounds of it, yes, at least sometimes. https://www.sciencedirect.com/science/article/abs/pii/S1355030620300137
> Through an examination of logins made to 15 popular online services carried out via the Chrome, Edge and Mozilla Firefox browsers, testing shows that plain-text credentials are present in RAM in every case.
You must be logged in to reply to this topic.