Memory images can contain the contents of many processes, activity and files; including Internet Chat History. BIOS settings and VSS files (stored on user's hard drive) are not present in the memory image!Pretty much everything in the Operating system goes through Random Access Memory (RAM). Data available in the RAM is of immense value.
- Processes
- Threads
- Malware
- Rootkits
- Network URL, Sockets, IP Addresses
- Passwords, Caches, Clipboard data
- Encryption Keys
- Hardware Configuration
- Software configuration
- Registry Keys & Event logs in Windows
RSS Feed