Remember the good ole days, when a computer took up thousands of square feet and you had to be a rocket scientist to operate it? Man, those were the days when you could solve a computer crime real easy peasy because there were very few people who knew how to operate one (limited suspect pool). Compare that to today, where everyone walking the streets has some form or another of a computer on their hip or head (Google Glass). As of 2013 we now have to take vehicles and smart homes into account as well. Everyone wants their devices to sync with their homes, vehicles, cell phones, and other electronic media.
I remember one of my first computers came with 128 MB of RAM and I thought that was a lot. I even bought more RAM for it and it cost a pretty penny (a few hundred bucks for 128 MB of RAM). I was able to get it to 256 MB of RAM and I thought I was da-man at the time. Sorry, having a flashback moment right now (cloud overhead, remembering mullets and hang bangs....).
The hard drive was only 20 GB of storage and I paid a premium for it. You were considered the bomb if you had more RAM and a larger hard drive than the normal person (geek). This only mattered in certain circles (ROFL).
We jump forward to 2013 and now all computer-type products have a minimum of 1 GB of RAM (1024 MB = 1 GB). Those are what you would consider low-end computers. Your middle-class computer will have 3 GB to 8 GB. Your upper-class computer will have 8 GB to 16 GB and higher. The average hard drive is 750 GB of storage and up.
Now comes the fun stuff, like booting a computer from USB and microSD. Who needs a hard drive? Your average USB is 16 GB at 9 to 10 dollars. A good 32 GB USB stick will run you about 15 to 20 dollars. You can use free programs like UNetbootin, Yumi, and/or Rufus for creating a bootable USB stick. These are all great ideas and work great. How do I know? Simple: I have made my own and played around with them.
We are not here for any of the above today. That’s right, we are here to talk about running a computer in 2013 without any storage media other than RAM. The RAM or DRAM (Random Access Memory and Dynamic Random Access Memory) is where your operations get loaded for processing. When you want to run an application you installed on your hard drive, you click it (double-click, in some cases) and it is called up into RAM/DRAM. You are now able to use that application or other file(s) that you may be trying to access. If you ran a computer without RAM it would error out and not boot at all.
In the not-so-distant past RAM was a luxury for home computer users. Now we have an abundance of it in all computers for work and home. RAM comes in several formats, now including SSD hard drives.
There are several OSes (operating systems) that load into RAM and run from there. You can find a small list over at Wiki of ones that will load and run from RAM, never needing a hard drive. One that I have played around with is Puppy Linux, which is no more than 200 MB in size and needs only 128 MB of RAM to run.
When I loaded this on my machine that specs out at:
1.6 GHz Quad Intel CPU
12 GB DRAM
SLI Video at 1 GB RAM Each
I was up and surfing the internet in a matter of seconds. See screenshot below:
With all the free online storage today, like Google Drive and others, who really needs an internal hard drive? You get 15 GB free from Google and 5 GB free from Dropbox. You can keep going on and on to the point that you can have up to 60 GB of free online storage. Once you have these set up, all you need now is an access station. If you use a bootable OS, you stand the chance of losing the drive. If you did not encrypt it, then you have now lost your data too.
Let’s look at it from a law enforcement standpoint. The old “Pull the plug” and triage back at the office should be gone today. If anyone is still teaching this, I would disagree with them. You will have some say “No one does this kind of stuff”, and then you wonder why we only catch the low-hanging fruit, as they say.
I am in no way saying that we have an epidemic of this going on here. What I am saying is, if we are not aware of it and do not teach ourselves and others about this, then we will never catch them. This stuff is no secret to most, and the ones using it to commit crimes, beware: we are learning. Granted, slowly, but still learning (JK).
These are the types of things that can catch you off guard, and the machine looks like it is running from an internal drive. Once you pull the plug, your evidence is gone. There are tools out there to help capture the RAM before pulling the plug. This will become a standard practice in the near future, if not already. The other thing to think about is malware and viruses that are designed to be downloaded on boot-up and run from RAM. Once you pull the plug you will lose this, and it very well may be the piece of evidence you need to solve a network intrusion case. Who knows? If you never collect it, I can assure you that you will never know!
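A live-response check for the situation described above, as an added example that is not part of the original post: it reads /proc/mounts-format text from a running Linux machine and reports whether the root filesystem lives in RAM, in which case nothing on it survives a power-off. The function names and the sample mount table are constructed for illustration.

```python
RAM_FS = {"tmpfs", "ramfs", "rootfs"}   # filesystem types held in memory
RAM_DEV = ("/dev/ram", "/dev/zram")     # RAM-backed block devices

# Constructed sample: a live session whose writable layer sits on tmpfs.
SAMPLE_LIVE = """\
rootfs / rootfs rw 0 0
tmpfs /cow tmpfs rw,relatime 0 0
overlay / overlay rw,lowerdir=/rofs,upperdir=/cow/upper,workdir=/cow/work 0 0
"""

def parse_mounts(text):
    """Return (device, mountpoint, fstype, options) for each mount line."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4:
            out.append((f[0], f[1].rstrip("/") or "/", f[2], f[3].split(",")))
    return out

def mount_for(mounts, path):
    """Longest mount point containing path; later mounts shadow earlier ones."""
    best = None
    for m in mounts:
        mp = m[1]
        covers = mp == "/" or path == mp or path.startswith(mp + "/")
        if covers and (best is None or len(mp) >= len(best[1])):
            best = m
    return best

def in_ram(m):
    return m[2] in RAM_FS or m[0].startswith(RAM_DEV)

def classify_root(text):
    """Return 'volatile', 'disk-backed' or 'unknown' for the mount at '/'."""
    mounts = parse_mounts(text)
    root = mount_for(mounts, "/")
    if root is None:
        return "unknown"
    if in_ram(root):
        return "volatile"
    if root[2] == "overlay":
        # Writes land in upperdir; find which mount holds that directory.
        upper = next((o[9:] for o in root[3] if o.startswith("upperdir=")), None)
        holder = mount_for(mounts, upper) if upper else None
        if holder is None or holder is root:
            return "unknown"   # upperdir not visible in this mount namespace
        return "volatile" if in_ram(holder) else "disk-backed"
    return "disk-backed"
```

On a live machine, pass it the contents of /proc/mounts read with a trusted toolkit; treat "unknown" the same as "volatile" when deciding whether to capture memory first.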
We teach to be aware of our surroundings and now we must teach to be aware of technology pitfalls. This is not just for law enforcement but for corporate America also.
Thanks for stopping by lovemytool.com
Author - Emory Mullis has been in Law Enforcement for roughly 19 years including military and civilian law enforcement. He started learning about computers back when Gateway 266 MHz was the top of the line and cost about $2000.00. Right out the box, I was compelled to take my new found 266 apart. Why, I have no idea, other than pure curiosity. Once I had the computer out the box and on the floor in pieces, my wife walked in. Trust me people; this was not a good thing! Either way I got a good understanding at this point on how a computer is put together and / or the components inside. This was my starting point with computers and I still hear my wife in the background “It better work when you put it back together!” That was my humble beginnings as a Cyber Investigator. Now with many Cyber cases under my belt, I have learned that you must question, challenge and test almost daily to keep up with all the new tools, software, computers and cell phone formats to be able to forensically acquire evidence and it is a real challenge. I enjoy the challenge and look forward to learning more every day!