Trong kịch bản này, đống giữ lại các biến động và sử dụng malloc (cấp phát bộ nhớ) hoặc nhà điều hành các chức năng mới. Một mẫu mã đơn giản dưới đây minh họa cho tính chất dễ bị tổn thương này nhớ để tìm kiếm một hệ thống thay thế. Thiết lập trình tự khởi động vào ổ cứng đầu tiên, | Digital Forensic Acquisition Examination 125 FIGURE Linux Boot Menu Options 8. Press the Tab key once the boot menu appears. The default keyboard type is set to Belgian. If you have a US keyboard use the arrow keys to modify the keyb option as shown in Figure . The modified value should now be keyb US if this is the keyboard type you have. Press Enter to initialize the system. Princeton Cold-Boot Attack To complete this scenario you will need a Windows machine Linux on USB and the alternate USB drives. Download the USB PXE Imaging tools http . edu memory-content src and place this file on the root of one of the flash drives not the one with Linux installed . If you have Internet access from Linux these files can be downloaded while booted to this operating system otherwise do so in Windows. To test this against full-disk encryption you will need to install this software and encrypt your drive with Advanced Encryption Standard AES . XP and Vista home users can use TrueCrypt downloads and instructions related to installation and encryption can be found in their package on the site or a number of other locations 1. Boot into Linux if not there already don t forget to modify your keyboard to enable US type if relevant. 2. Open a root terminal by pressing the start button at the bottom-left-hand portion of the menu bar then select Root Terminal as seen in Figure . 3. Type cd and press Enter. articles p 1276279 126 CHAPTER 5 RAM dump FIGURE FCCU Linux Start Menu 4. Type mkdir ramdump and press Enter. 5. Insert the drive containing the . 6. Type fdisk -l grep ADisk and press Enter to view all disks. TIP Linux is case-sensitive so use capitals where required. 7. Find your flash drive by checking the size. If they are the same size the last drive entered should be assigned a higher alphabet letter. 8. Type mkdir mnt sd and press Enter. is the flash .