Investigators can now scan all available Mac computers (including macs with T2 or M1 chips) with all types of encryption and virtual drives by running a remote agent that communicates with the desktop application. Now you can perform digital forensic triage on all Macs including
RAM, short for Random Access Memory, is physical hardware that temporarily stores data for quick read and write access. Think of RAM as a scratch pad you use while working; although all the information you need and may refer to is stored in a binder (in this analogy, your hard drive), the information on the scratch pad is what you are using and need right in the moment. With RAM, it is right there for you to access. While RAM helps with the speed and efficiency of the computer, it can all be lost in an instant as it is volatile.
Learn how to conduct a Windows live scan with ADF Solutions Digital Evidence Investigator. Two USB ports are required to complete a scan, one for the Collection Key and one for the Authentication Key, once the scan has started the Authentication Key can be removed. A USB hub may be used in cases where the target computer only has one USB port.
When running a live scan from a Collection Key it is possible to create a RAM dump of the computer. RAM dumps can then be analyzed with appropriate software (e.g. Volatility).
