While there are many tools and techniques available to examiners for recovering data from volatile memory, ADF Digital Evidence Investigator®, Triage-Investigator®, and Triage-G2® are fast and easy.
A simple 2-step process lets non-technical investigators and examiners quickly perform a RAM capture when running a live scan on the computer from a collection key:
- Click "Create RAM Dump" from the main menu
- The RAM Dump will be saved to the collection key as a .bin file and then zipped
