Digital Forensics and Incident Response | DFIR

What is Memory Forensics?

7/5/2019

Memory forensics is the study of a system's volatile data (RAM).
The analysis covers both RAM and page file data.
The data is best treated as a snapshot in time.
There are three main phases:
  • Acquisition
    • Capture raw memory in a forensically sound way.
    • Hibernation file
  • Context
    • Develop context
    • Find important memory offsets
  • Analyze
    • Analyze data for key elements
    • Recover evidence