Digital Evidence Investigative Tools: Analyzing Live Memory

Live memory analysis can give investigators important, case-relevant data that cannot be obtained from disk analysis. This information includes running applications, open files, Web browser usage, recently used passwords and stored encryption keys.

Memory analysis is of particular interest in incident response and in the analysis of malware (malicious software used to infiltrate a system), because it can examine machines on which the operating system has been subverted.

Date Created: March 4, 2015