AXIOM is one of our best tools. A few days ago Magnet Forensics released AXIOM V2. AXIOM now contains many features. We were especially delighted that Volatility functionality appeared in the new version of AXIOM. Volatility is the best tool for memory forensics. The combination of AXIOM and Volatility is clearly an excellent idea. And of course we immediately started testing this functionality.
This article describes a Volatility plugin with unified output. There are many excellent resources available for studying Volatility. The author of the article wrote an absolute beginner's guide to writing your first plugin.
Everybody knows it is hard to create a memory dump of a PC running Linux. LiMEaide can help an investigator do it. The tool is a Linux client for remotely creating RAM dumps.
Forensic examination of the registry has long meant analyzing only readily available Registries from Microsoft Windows®, often one at a time, in a needlessly time-consuming and archaic way. Registry Recon is not just another Registry parser. Digital forensics experts armed with Hibernation Recon are now able to leverage not only the active contents of Windows hibernation files, but also massive volumes of information in the multiple types (and levels) of slack space that often exist within them.