Memory forensics (or memory analysis) is an interesting playground within security and digital forensics investigation. It consists of acquiring and analyzing an image of a running computer's volatile memory. With the right tools and techniques, various interesting forensic artifacts can be extracted and examined, leading to a better understanding of the content of the captured memory image. In this article we are going to scratch the surface of this topic by introducing two simple yet powerful tools (DumpIt and Volatility) that can help you start playing around in this area.
