Thursday, February 08, 2018 (10:05:47)
Memory Dump Formats
As with other storage devices, volatile memory can be stored in several formats. The format of the captured file can vary according to the acquisition method in use. According to (Ligh et al, 2018), the most commonly used memory dump formats are:
- RAW memory dump.
- Windows crash dump.
- Windows hibernation files.
- Expert witness format (EWF).
- HPAK format.
The raw memory dump is the format most commonly used by modern analysis tools. According to (Ligh et al, 2018), these raw-format memory dumps do not contain headers, metadata, or magic values.
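Because a raw dump carries no magic value, it can only be recognised by ruling out the header-bearing formats first. The sketch below is an added example, not code from the original post or from Ligh et al. The signature bytes are the commonly documented ones for each format rather than values given on this page, and the function names, labels and the 4096-byte page-size hint are assumptions of the example.

```python
import os

PAGE_SIZE = 4096  # assumption: x86/x64 page size, used only as a weak hint

# Commonly documented leading signatures (not listed on the page itself).
SIGNATURES = (
    (b"PAGEDU64", "windows-crash-dump-64"),
    (b"PAGEDUMP", "windows-crash-dump-32"),
    (b"EVF\x09\x0d\x0a\xff\x00", "ewf"),
    (b"HPAK", "hpak"),
)
# Hibernation file signatures, compared case-insensitively.
HIBER_MAGICS = (b"hibr", b"wake", b"rstr")


def classify_header(header: bytes, size: int) -> str:
    """Return a format label from the first bytes and total size of an image."""
    for magic, label in SIGNATURES:
        if header.startswith(magic):
            return label
    if header[:4].lower() in HIBER_MAGICS:
        return "windows-hibernation"
    # Raw dumps have no header or magic value, so they cannot be positively
    # identified. Page alignment is the only cheap structural hint available.
    if size > 0 and size % PAGE_SIZE == 0:
        return "raw-candidate"
    return "unknown"


def classify_file(path: str) -> str:
    """Classify an image on disk by reading only its first 16 bytes."""
    with open(path, "rb") as fh:
        header = fh.read(16)
    return classify_header(header, os.path.getsize(path))


if __name__ == "__main__":
    # Constructed sample headers and sizes, not real acquisitions.
    samples = {
        "crash64": (b"PAGEDU64" + b"\x00" * 8, 2 * PAGE_SIZE),
        "hiber": (b"HIBR" + b"\x00" * 12, 4 * PAGE_SIZE),
        "raw": (b"\x00" * 16, 8 * PAGE_SIZE),
        "truncated": (b"\x00" * 16, 1000),
    }
    for name, (header, size) in samples.items():
        print(f"{name}: {classify_header(header, size)}")
```

A `raw-candidate` result means only that no known header was found and the size is page-aligned; confirming that the file is a usable raw image still requires loading it in an analysis tool.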
- Posted by: scar
- Topic: News