memory analysis Archives - Forensic Focus

Capturing RAM Dumps and Imaging eMMC Storage on Windows Tablets

12th May 20201st May 2015

Oleg Afonin, Danil Nikolaev, Yuri Gubanov
© Belkasoft Research 2015

While Windows desktops and laptops are relatively easy to acquire, the same cannot be said about portable Windows devices such as tablets and convertibles (devices with detachable keyboards). Having no … Read more

Windows Logon Password – Get Windows Logon Password using Wdigest in Memory Dump

12th May 202028th April 2014

1. Introduction

The former way to acquire the Windows logon password of user is to get a NTML hash value through the Windows logon session and registry then crack it. [Figure 1] shows the well-known ways to get a NTML … Read more

Digital forensics of the physical memory

12th May 202010th July 2011

First published September 2005

Mariusz Burdach
[email protected]
Warsaw, March 2005
last update: July 11, 2005

Abstract

This paper presents methods by which physical memory from a compromised machine can be analyzed. Through this methods, it is possible to extract useful … Read more