Secrets of the Pagefile.sys Page File: Useful Artifacts for a Computer Forensic Scientist

Fantom

An unpleasant incident occurred in one large financial organization: attackers penetrated the network and “vacuumed” up all critical information, copying the data and then sending it to their remote resource. Group-IB criminologists were called in to help only six months after the events described. By that time, some of the workstations and servers had already been taken out of service, and the traces of the malefactors' actions had been destroyed through the use of specialized software and because of incorrect logging. However, on one of the servers involved in the incident, a Windows paging file was found, from which the experts obtained critical information about the incident.

In this article, Pavel Zevakhin, a specialist at the Group-IB Computer Forensics Lab, talks about what data can be found in the course of forensic research in Windows paging files.