Memory forensics


Memory forensics is the analysis of the volatile memory that is in use while a computer is powered on. We can analyse a computer's memory to see what applications (processes) were running, what network connections were being made, and many other useful pieces of information. For example, we can analyse the memory of a computer infected with malware to see what the malware was doing at the time.


What is Volatile Data

Volatile data is the data stored in temporary memory on a computer while it is running. When a computer is powered off, volatile data is lost almost immediately.


Where does volatile memory come from

Computers use dedicated storage devices called Random Access Memory (RAM) to hold what is being worked on at the time. RAM is extremely fast and is the preferred medium for storing and accessing data while it is in use. However, its capacity is limited compared to storage devices such as hard drives. This type of data is volatile because it is lost when the computer is powered off. RAM holds data such as your clipboard contents or unsaved files.


Why is Memory Forensics Useful

Memory forensics is an extremely important element when investigating a computer. Information security professionals conduct memory forensics to investigate and identify attacks or malicious behaviors that do not leave easily detectable tracks on hard drive data.


What is a Memory Dump

A memory dump (also known as a core dump or system dump) is a snapshot of a computer's memory contents at a specific instant. A memory dump can contain valuable forensic data about the state of the system before an incident such as a crash or security compromise. Memory dumps contain RAM data that can be used to identify the cause of an incident and other key details about what happened.
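To make concrete what analysing a memory dump involves, here is an added Python example; it is not code from the original post or from the sources it cites. It builds a small constructed byte string standing in for a raw memory image and then carves the three kinds of artefact the text mentions: process records, network connections that survive in memory as IPv4:port text, and printable strings such as clipboard contents or unsaved-document fragments. The `PROC` record layout and the function names (`carve_processes`, `carve_endpoints`, `carve_strings`, `process_tree`) are inventions of this example, not a real operating-system structure or a real tool's API.

```python
"""Triage of a raw memory image: carve process records, network endpoints and
printable strings. The image and the record layout are constructed for this
example; the layout is NOT a real operating-system structure."""
import re
import struct
from dataclasses import dataclass

# Hypothetical process-record layout (constructed for this example):
#   4-byte tag b"PROC", uint32 pid, uint32 ppid, 16-byte NUL-padded name
PROC_TAG = b"PROC"
PROC_FMT = "<4sII16s"
PROC_SIZE = struct.calcsize(PROC_FMT)  # 28 bytes

# IPv4:port pairs written as ASCII text (log lines, socket state, etc.)
ENDPOINT_RE = re.compile(rb"\b((?:\d{1,3}\.){3}\d{1,3}):(\d{1,5})\b")


@dataclass
class ProcessRecord:
    offset: int
    pid: int
    ppid: int
    name: str


def build_sample_dump() -> bytes:
    """Constructed stand-in for a memory image: three process records mixed
    with unrelated bytes, a connection log line and clipboard text."""
    def proc(pid: int, ppid: int, name: str) -> bytes:
        return struct.pack(PROC_FMT, PROC_TAG, pid, ppid,
                           name.encode().ljust(16, b"\x00"))

    filler = b"\x00" * 64
    return (
        filler
        + proc(4, 0, "System")
        + b"\x90" * 13                      # records need not be aligned
        + proc(1224, 4, "explorer.exe")
        + b"connection to 203.0.113.7:8443 established\x00"
        + proc(3380, 1224, "updater.exe")
        + b"clipboard: draft budget Q3 (unsaved)\x00"
        + filler
    )


def carve_processes(image: bytes) -> list[ProcessRecord]:
    """Signature scan: each occurrence of the tag is decoded as a record and
    kept only if it passes basic sanity checks. Real tools validate far more,
    because a short tag also occurs inside unrelated data."""
    records = []
    pos = image.find(PROC_TAG)
    while pos != -1 and pos + PROC_SIZE <= len(image):
        _tag, pid, ppid, raw_name = struct.unpack_from(PROC_FMT, image, pos)
        name = raw_name.split(b"\x00", 1)[0].decode("ascii", errors="replace")
        if name and name.isprintable() and pid != ppid:
            records.append(ProcessRecord(pos, pid, ppid, name))
        pos = image.find(PROC_TAG, pos + 1)
    return records


def carve_endpoints(image: bytes) -> list[tuple[str, int]]:
    """Network endpoints left behind as text; octet and port ranges are
    checked so random digit runs are not reported."""
    found = []
    for m in ENDPOINT_RE.finditer(image):
        ip, port = m.group(1).decode(), int(m.group(2))
        if all(int(octet) <= 255 for octet in ip.split(".")) and 0 < port < 65536:
            found.append((ip, port))
    return found


def carve_strings(image: bytes, min_len: int = 8) -> list[str]:
    """The classic `strings` pass: runs of printable ASCII expose clipboard
    text, unsaved documents and other plaintext that never reached disk."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(image)]


def process_tree(records: list[ProcessRecord]) -> list[tuple[str, str]]:
    """Resolve each record's parent name; an unresolvable parent is itself
    a lead worth following during an investigation."""
    by_pid = {r.pid: r.name for r in records}
    return [(r.name, by_pid.get(r.ppid, "<unknown>")) for r in records]


if __name__ == "__main__":
    image = build_sample_dump()
    procs = carve_processes(image)
    for rec in procs:
        print(f"0x{rec.offset:06x} pid={rec.pid:<5} ppid={rec.ppid:<5} {rec.name}")
    print("parent links:", process_tree(procs))
    print("endpoints:", carve_endpoints(image))
    print("strings:", carve_strings(image))
```

The three carvers illustrate why a dump taken while the machine is still running is so valuable: the process list, the connection and the clipboard text are all recovered from bytes that would have been gone seconds after power-off. Production frameworks do the same job against the real kernel structures of a given OS build and validate many more fields, since a plain signature scan over gigabytes of RAM will also hit stale or unrelated data.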




  • Source: tryhackme | digitalguardian
  • Written: December 11, 2022 | Azar 20, 1401
  • Updated:
  • Posted: December 11, 2022 | Azar 20, 1401