Abstract—The escalating dependence on information technology for daily activities ensures that cybercrime cases continue unabated. Consequently, the role of cyber forensics investigators is becoming increasingly crucial in addressing the surge of cybercrime incidents. Live forensics investigation, a challenging facet of digital evidence investigation, confronts several limitations. This study focuses on the complexities associated with retrieving digital evidence from volatile memory during live forensics investigations, explicitly comparing the efficacy of extracting digital evidence from DDR2 and DDR3 Random Access Memory (RAM). This study aims to analyze and compare potential variations in evidence acquisition outcomes between the two RAM types by applying three distinct scenarios: identifying registry and network activities, catching malicious codes, and obtaining login passwords on Social Media. The results demonstrate that DDR2 RAM exhibits a lower propensity for concealing digital evidence during live forensics investigations compared to DDR3 RAM. The implications of these findings are discussed, along with suggestions for potential ramifications and avenues for future research.
 
Keywords—computer forensics, random access memory, DDR2, DDR3, digital evidence, live forensics investigation


Copyright © 2023 by the authors. This is an open access article distributed under the Creative Commons Attribution License (CC BY-NC-ND 4.0), which permits use, distribution and reproduction in any medium, provided that the article is properly cited, the use is non-commercial and no modifications or adaptations are made.