Rob Lee, known from Mandiant and SANS, has written an excellent article on memory forensic acquisition and analysis. For all you old-skool forensic investigators out there, he has an important message: stop pulling the plug!

A lot of valuable information is lost if memory is not analysed: hidden processes, active network connections, currently logged-on users, and so on. Not to forget, a memory image can also be searched for strings, such as passwords, that may prove useful later in the investigation.
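To illustrate the string-searching point above, here is a small added example (not from Rob Lee's article) that carves printable strings out of a memory image. It looks for both plain ASCII runs and UTF-16LE runs, since Windows keeps most in-memory strings in UTF-16LE and a plain `strings` pass would miss them, then flags credential-looking hits. The sample image bytes and the `CREDENTIAL_HINT` pattern are constructed for the demo.

```python
import re
from typing import List, Tuple

# Constructed stand-in for a memory image: junk bytes around an ASCII string,
# a UTF-16LE string (as Windows stores it) and an ASCII network-state string.
SAMPLE_IMAGE = (
    b"\x00\x01\x02\xff\x10"
    + b"User=alice\x00"
    + b"\x7f\x00\xfe"
    + "Password=hunter2".encode("utf-16-le")
    + b"\x00\x00\x90\x12"
    + b"ab\x00"                          # too short to be reported
    + b"ESTABLISHED 10.0.0.5:443\x00"
)

# Heuristic for strings worth a second look (constructed; tune per case).
CREDENTIAL_HINT = re.compile(r"(?i)\b(pass(word|wd)?|pwd|secret|token)\s*[=:]")


def extract_strings(image: bytes, min_len: int = 4) -> List[Tuple[int, str, str]]:
    """Return (offset, encoding, text) for every printable run of at least
    min_len characters, in ASCII or UTF-16LE, sorted by offset."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # UTF-16LE ASCII-range text is "char, 0x00" pairs; require min_len pairs.
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in ascii_re.finditer(image):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in utf16_re.finditer(image):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    return sorted(found)


def credential_candidates(strings: List[Tuple[int, str, str]]) -> List[Tuple[int, str, str]]:
    """Keep only strings that look like they carry a secret."""
    return [s for s in strings if CREDENTIAL_HINT.search(s[2])]


if __name__ == "__main__":
    # Replace SAMPLE_IMAGE with open(path, "rb").read() for a real dump.
    hits = extract_strings(SAMPLE_IMAGE)
    for offset, encoding, text in hits:
        print(f"0x{offset:08x} {encoding:8} {text}")
    print("credential candidates:", credential_candidates(hits))
```

On a multi-gigabyte image, read the file in chunks with an overlap of a few hundred bytes so runs spanning a chunk boundary are not cut.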
