Automated Live Acquisition of Volatile Data : Through the use of a programmable HID control chip

Sammanfattning: This research lays a foundation for automated acquisition of volatile data by presenting a prototype device which carries out the deeds of a forensic investigator, essentially making it a “forensic investigator on a stick”. The Teensy 3.0 device is programmed to interact with an external USB device for storage purposes. All interaction with a live target system must be documented thoroughly according to forensic best practices. Therefore quantitative measurements of system contamination related to the device actions are presented. The device is conclusively able to perform a memory dump and provide a warning of the existence of Truecrypt encrypted containers.