SANS Digital Forensics and Incident Response Blog: Daily Archives: Nov 19, 2008

Memory Forensic Acquisition and Analysis 101

Stop Pulling The Plug!!


Over the past several years, many tools have been released that focus on memory acquisition from Windows systems. The next step in memory forensics is analysis. Starting with the DFRWS 2005 challenge, memory forensic analysis began a life that went beyond a rudimentary string search or data carve. Analysts were finally able to extract process-related data from memory captured from a machine.

In 2008, this culminated with many professionals stating at the SANS Forensic Summit that the day of "pulling the plug" during evidence