Re:Read physical memory

I can see that in a laptop or other battery powered machine, but how do you
avoid the make/break power sequence when all you have is a power plug from
the back of the machine to a wall socket? Besides, this assumes the first
entry to the domicile was done while the perp had the machine running.
Suppose he's quick to hit the power button, or on entry some brilliant soul
decides to cut the power to the house at the main? I still think the
forensics lab is, in most cases, going to have to start from power up.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@evitechnology.com
Sent: Tuesday, January 12, 2010 4:00 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] RE: Re:Re:Re:Re:Read physical memory

There are commercial products that allow transporting a computer without
rebooting.

mm


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature
database 4765 (20100112) __________

The message was checked by ESET Smart Security.

http://www.eset.com
