SANS Digital Forensics and Incident Response Blog: Tag - hbgary responder

Windows Physical Memory: Finding the Right Tool for the Job

I'm a big proponent of live incident response and forensic analysis, and as such, I've been following the Windows memory analysis field of research closely for the last 3 years. There have been leaps and bounds made over the last year with the release of many great acquisition and analysis tools; however, there are caveats that must be taken into consideration before simply inserting these tools into your investigations. You must know what you're doing, understand how the tools you're using will impact the system, and be able to explain those things to others, whether they be peers or jurors.

I also believe in having more than one "right" tool for the job, as it gives me choices as I conduct an investigation and provides validation that each tool is doing what it should. Below is a comprehensive list of available tools accompanied by screenshots