Basics
RAM stands for Random-Access Memory and is commonly referred to as RAM or Memory for short. It serves as temporary storage and working space for the operating system and its applications. This allows data to be accessed (read or written) in almost real-time regardless of the physical location inside the memory as opposed to HDDs, Disc Drives, or any other mechanical media. In the majority of computers, RAM is an easily upgradeable option that will increase the performance of your operating system and application usage. RAM is a volatile type of storage medium. Which means if you reboot, shutdown, or have a power loss of any sort, every bit of data residing in memory no longer exists.
There are two main types of RAM, SRAM and DRAM:
- SRAM stands for Static Random-Access Memory. They are made using a semiconductors (containing 4 to 6 transistors) that uses bistable latching circuitry (Flip-flop) to store each bit, allowing data to be held for longer periods of time compared to DRAM. SRAM modules are more expensive, faster than DRAM, requires less power, and is often used as cache memory for your Central Processing Unit (CPU). SRAM requires periodic memory refreshing which makes this type of RAM less volatile compared to DRAM and relies on the CPU to preserve the contents.
- DRAM stands for Dynamic Random-Access Memory. They are made using capacitors and transistors built within an integrated circuit. Each capacitor and transistor pair stores 1 bit of data. Given the extremely small size of capacitors and transistors nowadays; billions can fit onto a single memory chip. DRAM modules are cheaper than SRAM, require more power than SRAM, and are the main memory in desktops, laptops, workstations and video game consoles. DRAM requires a constant memory refresh which makes this type of RAM more volatile and requires the CPU to do nothing to preserve the contents.
Application in Hacking
So why is this knowledge important when discussing hacking? When it comes to “hacking”, the one idea that should be understood is nearly everything you do, on a computer, is loaded into RAM/Memory… application data, passwords, usernames, or encryption passphrases to name a few. With Operating Systems and applications loading data into RAM, the idea of your personal information or corporation’s data being leaked or stolen is a growing concern. This doesn’t mean you should worry that all your information is being harvested as we speak, I’m only making you aware if you weren’t already privy to the concept. There are numerous tools out on the web that make .dump or image files of the current state of your RAM/Memory and a large majority of them are used for the purpose of “White Hat” analysis. A few noteworthy analysis and imaging applications include the Volatility Framework, FTK Imager, Mandiant Memoryze, Second Look, and FDPro just to name a few. This is not a complete list so don’t crucify me for not mentioning one you use frequently.
Conclusion
It may seem insignificant to discuss RAM and it’s application in the world of hacking however, I assure you it is anything but insignificant. As Security professionals it is important to know what goes on in your computer’s memory, what’s stored there, and what data you are putting at risk and perhaps knowing how an attacker sees you or your company’s RAM as their personal goldmine will motivate you to seek out ways to defend against it. Give it a try and see how good you are. You can download some of the programs I’ve mentioned and get practice images or dump files from Forensics Focus.
