Volatile Memory Collection

(@aperture)
Posts: 3
New Member
Topic starter
 

Hi All,

I have analysed a memory dump on a number of occasions but I haven't ever had to take one. I was wondering what people's thoughts on the best way to do this? I have had a look around and can't find many up to date resources, so any info would be really appreciated.

Thanks.

 
Posted : 22/07/2014 8:42 pm
(@joe_t)
Posts: 14
Active Member
 

On Windows? I've found that Belkasoft's Live RAM Capturer works very well and it's free.

 
Posted : 22/07/2014 9:45 pm
Igor_Michailov
(@igor_michailov)
Posts: 529
Honorable Member
 

Memory Forensics (Windows, Mac and Linux)
http://www.slideshare.net/suffert/2010-2013-sandro-suffert-memory-forensics-introdutory-work-shop-public#btnNext

 
Posted : 23/07/2014 9:02 am
(@aperture)
Posts: 3
New Member
Topic starter
 

Windows primarily yes. And I like free!

Thanks for the responses )

 
Posted : 23/07/2014 12:22 pm
Bendroid
(@bendroid)
Posts: 35
Eminent Member
 

Belkasoft's tool is indeed working very well, great one. If you have OSForensics you can also use that; in conjunction with that little command line tool 'Volatility' it's amazing.

 
Posted : 23/07/2014 2:43 pm
ForensicRanger
(@forensicranger)
Posts: 122
Estimable Member
 

Just remember that the RAM is just part of what you need…

 
Posted : 23/07/2014 7:40 pm
(@aperture)
Posts: 3
New Member
Topic starter
 

Absolutely, we are set up for forensic collection, however we have not ventured too far into the realms of volatile memory, hence the question. Seems to be such a new field none of the team had any mention of it on various degrees/ post graduate courses. We have all used volatility and used it to give us some good hints in terms of where to look for malware on a forensic image, but that is relying on someone else providing us with the RAM capture.

I have tested out the Belkasoft tool - thanks for the recommendations, it is my favourite so far!

 
Posted : 28/07/2014 4:47 pm
Adam10541
(@adam10541)
Posts: 550
Honorable Member
 

Xways Forensics can capture the RAM as well I believe.

 
Posted : 29/07/2014 11:13 am