Chapter 2: Acquisition Process
Memory acquisition usually refers to the process of copying the contents of volatile memory to a non-volatile storage device for preservation. To understand the process well, the investigator needs to know at least some memory management principles, understand how memory extraction tools work, and be able to choose the most appropriate tool and use it correctly. It is also important to understand that creating a full memory dump is not always the only solution: live memory analysis has its own advantages and, in some cases, may be preferable to memory acquisition.
In this chapter, you'll learn about the following:
- Introducing memory management concepts
- What's live memory analysis?
- Understanding partial versus full memory acquisition
- Exploring popular acquisition tools and techniques