Browse Definitions:
Definition

memory dump attack

Contributor(s): Matthew Haughn

A memory dump attack is the capture and use of RAM content that was written to a storage drive during an unrecoverable error, which was typically triggered by the attacker.

Developers commonly use memory dumps to gather diagnostic information at the time of a crash to help them troubleshoot issues and learn more about the event. The information stored in RAM at the time of a crash contains the code that produced the error. Retention of this error and the environment it occurred in is the usual purpose of a dump. As these dumps can include anything in the computer’s active RAM, they can present privacy and security concerns.

Hackers access memory dumps to obtain otherwise protected data or information or to compromise the host computer and/or systems it connects to. If an attacker gains some code execution and read capacity, he can cause a memory dump through a buffer overflow error (for example) and the resulting dump could be read on reboot. When that data is stored on the drive, it can also present security risks if savvy hackers access it and find sensitive information, cleartext passwords or decryption keys that normally would not be easily accessible.

Memory dump attacks can be thwarted by a number of means:

  • Programs that use password hashes instead of storing clear text passwords.
  • Tokenization so that only representative data will be in memory and sensitive data is stored elsewhere.
  • .NET based applications can use SecureString and Data Protection to limit the time that passwords are available unencrypted.
  •  Some Microsoft and other operating systems allow for memory dumps that contain less information and may also make it possible to turn off memory dumps.

In the event that a memory dump is triggered, the safest response is to track down the program that caused it and check for signs of intrusion such as keyloggers and packetsniffers.

This was last updated in January 2017

Continue Reading About memory dump attack

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

Dateiendungen und Dateiformate

Gesponsert von:

SearchCompliance

  • internal audit (IA)

    An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine ...

  • pure risk (absolute risk)

    Pure risk, also called absolute risk, is a category of threat that is beyond human control and has only one possible outcome if ...

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

SearchSecurity

  • phishing

    Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication ...

  • vulnerability disclosure

    Vulnerability disclosure is the practice of publishing information about a computer security problem, and a type of policy that ...

  • incident response

    Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also ...

SearchHealthIT

SearchDisasterRecovery

  • business continuity and disaster recovery (BCDR)

    Business continuity and disaster recovery (BCDR) are closely related practices that describe an organization's preparation for ...

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • call tree

    A call tree -- sometimes referred to as a phone tree -- is a telecommunications chain for notifying specific individuals of an ...

SearchStorage

  • flash memory

    Flash memory, also known as flash storage, is a type of nonvolatile memory that erases data in units called blocks.

  • NAND flash memory

    NAND flash memory is a type of nonvolatile storage technology that does not require power to retain data.

  • NOR flash memory

    NOR flash memory is one of two types of nonvolatile storage technologies.

SearchSolidStateStorage

  • hybrid hard disk drive (HDD)

    A hybrid hard disk drive is an electromechanical spinning hard disk that contains some amount of NAND Flash memory.

Close