Study on Live analysis of Windows Physical Memory

Memory forensics and data carving methods are commonly used during volatile-data investigations and are nowadays a major area of interest. A volatile memory dump is used for offline analysis of live data, while live analysis of the running system shows which events are currently taking place. Volatile memory analysis can reveal sensitive information such as user IDs, passwords, hidden processes, rootkits and sockets that is never stored on the physical drive. This paper presents the various approaches and tools used to capture and analyze data from computer memory.

