Volatility is a well know collection of tools used to extract digital artifacts from volatile memory (RAM). PassMark Software has released Volatility Workbench to aid the use of Volatility with OSForensics.
Daniel Pistelli shared a short post about Windows memory forensics on OSX. He described a piece of software called Profiler.
The file system is the contents of the notepad, and the file is the word. For hard disks in a PC at the moment, two file systems are most common: FAT or NTFS. First FAT (FAT16) appeared, then FAT32, and then NTFS.
Most hackers use remote access Trojans (RATs) and they almost always use the RunPE method. This method generates a legitimate process executable (PE) file, so this is often the default browser or Microsoft system process, and replaces it with malicious code directly in memory. This allows the computer to process malicious code as a legitimate process. As soon as this happens, your antivirus program does not know that your browser is effectively turned into a virus by default.