What is memory Forensics?

Study of volatile data (RAM) of a system is Memory Forensics
Analysis includes the RAM and Page file data
The data is more like a snapshot in time
There are three main phases:

• Acquisition
  • Capture raw memory in forensically sound way.
  • Hibernation File
• Context
  • Develop Context
  • File Important Memory Offsets
• Analyze
  • Analyze Data for key elements
  • Recover Evidence