Part 1: Data and Stream Extraction

Memory and Triage Acquisition

Windows Live System Memory Acquisition Tools:

• FTK Imager
• Magnet Forensics RamCapture
• Belkasoft Live Ram Capture
• DumpIt
• WinPMEM
• Redline
• MemprocFS

Basic memory Analysis Tools:

• FTK
• Internet Evidence Finder
• MANDIANTs Memorize
• Auditviewer
• Volatility
• HBGary’s Responder
• Passware Kit (to get encryption keys)