Hi Iam currently doing an undergraduate course and Iam researching accessing files encrypted using an open source on the fly encryption program. I have done a bit of research and discovered the obvious methods like using various forms of surveillence to steal passwords, brute force attacks etc. The documentation for this software says that it unencrypts files in RAM and there is the possibility that these files can be written to the systems paging file.

I thought that maybe you could use a computer forensics tool to recover the unencrypted files from RAM or paging file? I was wondering if someone could point me in the direction of some good resources on forensics tools as I haven't been able to find much other than developers sites.....

cheers