Retrieving password hashes and dumping cached files from memory dumps.

Theory

Memory Forensics

When investigating a breach or analyzing malware, it is crucial to examine diverse sources of computer data rather than relying solely on traditional disk analysis. Unlike data on non-volatile storage media, data residing in RAM is volatile, so acquiring it from a live machine is highly valuable for a forensic investigation. This experiment aims to familiarize participants with the various artifacts that can be retrieved from a memory dump, and to highlight their relevance through familiar memory-forensics use cases.