Hi All,
I have analysed a memory dump on a number of occasions but I haven't ever had to take one. I was wondering what people's thoughts on the best way to do this? I have had a look around and can't find many up to date resources, so any info would be really appreciated.
Thanks.
On Windows? I've found that
Memory Forensics (Windows, Mac and Linux)
http//
Windows primarily yes. And I like free!
Thanks for the responses )
Belkasoft's tool is indeed working very well, great one. If you have OSForensics you can also use that; in conjunction with that little command line tool 'Volatility' it's amazing.
Just remember that the RAM is just part of what you need…
Absolutely, we are set up for forensic collection, however we have not ventured too far into the realms of volatile memory, hence the question. Seems to be such a new field none of the team had any mention of it on various degrees/postgraduate courses. We have all used Volatility and used it to give us some good hints in terms of where to look for malware on a forensic image, but that is relying on someone else providing us with the RAM capture.
I have tested out the Belkasoft tool - thanks for the recommendations, it is my favourite so far!
X-Ways Forensics can capture the RAM as well I believe.
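Whichever capture tool is used (Belkasoft, OSForensics, X-Ways), the part that is easy to forget when taking a dump for the first time is documenting it: hash the image immediately after acquisition and keep a manifest, so that later Volatility work can be tied to the exact bytes that were captured. The script below is an added example written for this thread, not code from any poster or from any of the tools named; the tool name, host name, examiner id and the 3 MiB stand-in "image" are all constructed values.

```python
"""Hash and record a captured RAM image for chain of custody.

Added example, not part of the original thread. The sample image, tool
name, host and examiner values are constructed placeholders.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read 1 MiB at a time so multi-GB images do not fill RAM


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def write_manifest(image_path, manifest_path, tool, host, examiner):
    """Hash the image and write a small JSON manifest beside it."""
    manifest = {
        "image": os.path.basename(image_path),
        "size_bytes": os.path.getsize(image_path),
        "sha256": sha256_file(image_path),
        "acquisition_tool": tool,   # constructed value in the demo
        "host": host,               # constructed value in the demo
        "examiner": examiner,       # constructed value in the demo
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
    }
    with open(manifest_path, "w") as f:
        json.dump(manifest, f, indent=2)
    return manifest


def verify_image(image_path, manifest_path):
    """True only if the image's size and SHA-256 still match the manifest."""
    with open(manifest_path) as f:
        manifest = json.load(f)
    if os.path.getsize(image_path) != manifest["size_bytes"]:
        return False
    return sha256_file(image_path) == manifest["sha256"]


def demo():
    """Create a constructed 3 MiB stand-in image, record it, then tamper with it."""
    workdir = tempfile.mkdtemp()
    image = os.path.join(workdir, "host01-mem.raw")
    with open(image, "wb") as f:
        f.write(b"\x00MZ\x90" * (3 * CHUNK // 4))  # constructed, not real memory
    manifest = os.path.join(workdir, "host01-mem.json")
    write_manifest(image, manifest, "RAM capture tool (placeholder)",
                   "host01", "examiner-1")
    ok_before = verify_image(image, manifest)
    # Flip one byte in place: same size, different hash, so verification must fail
    with open(image, "r+b") as f:
        f.seek(1000)
        f.write(b"\xff")
    ok_after = verify_image(image, manifest)
    return ok_before, ok_after


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Run it against the real image path after the capture finishes, and store the manifest with the case notes; the size check catches a truncated or still-being-written image before the slower hash is computed.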