Back to News

Don't Forget RAM Capture: A Key to Digital Forensics

Posted by ADF Solutions on April 20, 2018
ADF Solutions

Ram CaptureDigital forensic experts understand the importance of remembering to perform a RAM Capture on-scene so as to not leave valuable evidence behind.  Capturing volatile data in a computer's memory dump enables investigators and examiners to do a full memory analysis and access data including:

  • browsing history
  • encryption keys
  • chat messages
  • clipboard contents 
  • run-time system activity
  • open network connections (often these artifacts are only found in RAM)
  • recently executed commands and processes
  • injected code fragments
  • memory stored before shut down or crash

The practice of RAM Capture is an important aspect of memory forensics that can be used  during a digital forensic investigation of criminal activity, hacking, cyber crime or insider threats.  In the case of hacking, attackers sometimes develop malware that only lives in memory which makes it difficult to detect if random access memory is not captured.

ADF Digital Evidence Investigator software allows field investigators to quickly perform a RAM Capture while on-scene.  Next, DEI can start the process of scanning the target computer with customized search profiles to allow investigators to immediately begin analysis and to start building HTML or CSV reports which can be shared with other investigators, prosecutors or a forensic lab. 

Learn How: RAM Capture

Topics: Cyber Crime, Digital Forensics, Digital Evidence Investigator, Triage-G2, Triage-Investigator, Cybersecurity, Insider Threat, RAM Capture

Get Triage & Digital Forensic News (once a month)

Posts by Tag

See all

Recent Posts