rbunt

  1. I am doing a CHFI (Certified Hacker Forensic Investigator) certification. One of the places where data can be found is pagefile.sys. I know that you can use Control Panel, Administrative Tools, Local Security Policies, etc. and set it to clean pagefile.sys at shutdown. But during a forensic investigation, one copies the volatile information first. This includes screenshots, DNS cache, ARP table, AND pagefile.sys. You certainly do not shut down the PC first and make a stream copy of the disk; you get as much "live data" as can be found BEFORE you shut down the PC. Can the pagefile be wiped without a shutdown / reboot?