Volatile memory extraction utility framework

Volatility Framework - Volatile memory extraction utility framework 

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer visibilty into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.

 https://github.com/volatilityfoundation/volatility/wiki

Capture Live RAM

https://belkasoft.com/ram-capturer

Belkasoft Live RAM Capturer is a tiny free forensic tool that allows to reliably extract the entire contents of computer’s volatile memory – even if protected by an active anti-debugging or anti-dumping system. Separate 32-bit and 64-bit builds are available in order to minimize the tool’s footprint as much as possible. Memory dumps captured with Belkasoft Live RAM Capturer can be analyzed with Live RAM Analysis in Belkasoft Evidence Center. Belkasoft Live RAM Capturer is compatible with all versions and editions of Windows including XP, Vista, Windows 7, 8 and 10, 2003 and 2008 Server.


Why Memory Dump Is the First Thing To Do During the Acquisition

Memory dumps are a valuable source of ephemeral evidence and volatile information. Memory dumps may contain passwords to encrypted volumes (TrueCrypt, BitLocker, PGP Disk), account login credentials for many webmail and social network services such as Gmail, Yahoo Mail, Hotmail; Facebook, Twitter, Google Plus; file sharing services such as Dropbox, Flickr, SkyDrive, etc.

sandboxie ile şüpheli uygulamaları güvenle çalıştırın

Şüphe duyduğunuz uygulamaları izole ederek çalıştırmanıza olanak sağlayan bir uygulamala.

https://sandboxie.com/