2. Memory Acquisition
Memory acquisition is the process of copying the contents of volatile memory (RAM) to non-volatile storage (a file on disk). Various tools allow you to acquire the memory of a physical machine. The following are some of the tools that allow you to acquire (dump) physical memory on Windows. Some of these tools are commercial, and many of them can be downloaded for free after registration. The following tools work with both x86 (32-bit) and x64 (64-bit) machines:
- Comae Memory Toolkit (DumpIt) by Comae Technologies (free download with registration): https://my.comae.io/
- Belkasoft RAM Capturer (free download with registration): https://belkasoft.com/ram-capturer
- FTK Imager by AccessData (free download with registration): https://accessdata.com/product-download
- Memoryze by FireEye (free download with registration): https://www.fireeye.com/services/freeware/memoryze.html
- Surge Collect by Volexity (Commercial): https://www.volexity.com/products-overview/surge/
- OSForensics...