DFIR Blog

Memory Forensics

Why Memory Forensics?

7/7/2019

 
Memory images can contain the contents of many processes, activity and files, including Internet chat history. BIOS settings and VSS files (stored on the user's hard drive) are not present in the memory image! Pretty much everything in the operating system goes through Random Access Memory (RAM), so the data available in RAM is of immense value:
  • Processes
  • Threads
  • Malware
  • Rootkits
  • Network URL, Sockets, IP Addresses
  • Passwords, Caches, Clipboard data
  • Encryption Keys
  • Hardware Configuration
  • Software configuration 
  • Registry Keys & Event logs in Windows
Think of memory as a vast park. To make the best use of your time and find the most relevant information, you'll need a map and a path.


