Memory forensics is the study of a system's volatile data (RAM).
Analysis includes both RAM and page file data.
The data is best treated as a snapshot in time.
There are three main phases:
- Acquisition
  - Capture raw memory in a forensically sound way
  - Hibernation file
- Context
  - Develop context
  - Find important memory offsets
- Analyze
  - Analyze data for key elements
  - Recover evidence