User:Tule-hog/Volatility (computing)

This is a draft article. It is a work in progress open to editing by anyone. Please ensure core content policies are met before publishing it as a live Wikipedia article. Last edited by Tule-hog (talk | contribs) 7 months ago. (Update)

Join in and help expand this draft!

A simple definition of volatility is any "storage media that require an external power supply to maintain stored information."^[1] More generally, volatility "measures how quickly data disappears from a system."^[2] Contemporary information storage technologies encompass a wide range of volatility characteristics (i.e., time preserved, garbage collection procedures, recoverability). Storage technologies can be ranked according to their volatility by aggregating these characteristics; this ranking is sometimes referred to as the order of volatility.

RFC 3227 suggests the following order of volatility (from most volatile to least):^[3]

• registers, cache
• routing table, arp cache, process table, kernel statistics, memory
• temporary file systems
• disk
• remote logging and monitoring data that is relevant to the system in question
• physical configuration, network topology
• archival media

• Volatile memory, Non-volatile memory
• Computer forensics § Volatile data
• Computer data storage § Volatility
• Computer memory § Volatility categories
• Memory hierarchy - ranking storage based on response time
• Computer data storage § Hierarchy of storage - ranking storage based on distance to CPU
• Digital forensics

• "Chapter 15 - Collecting and Preserving Digital Evidence". Scene of the Cybercrime (2 ed.). Elsevier. 2008. doi:10.1016/B978-1-59749-276-8.X0001-5.