FTK Memory Dump

Dndschultz · 2011-03-03T03:00:16Z

When would you import a memory dump?

Page 2 / 2 Prev

General (Technical, Procedural, Software, Hardware etc.)

Last Post by BitHead 14 years ago

11 Posts

6 Users

0 Reactions

2,731 Views

RSS

BitHead

(@bithead)

Noble Member

Joined: 20 years ago

Posts: 1206

06/03/2011 4:21 am

What OS is the memory dump from?

Memory analysis is a fledgling field. You are not likely to find nice pretty pieces of evidence. You will likely have to do some carving, some manual re-ssemble and some educated guessing. There are some options in FTK and EnCase for memory analysis. There are also some specialty tools like Volatility, Memoryze, Responder, etc. that you can use for some dumps.

ReplyQuote

Page 2 / 2 Prev

8 Forums
15.7 K Topics
92.3 K Posts
194 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed