It may not be a good idea at the moment to use EnCase Enterprise or
WinEn for physical memory acquisitions. It was discovered by several
users, that "critical sections of physical memory are being overwritten
when a physical memory sample is acquired on certain hardware
configurations."
Volatile Systems reported that Guidance Software is aware of the issue, and is investigating. However, at this time there is no fix available yet and it is recommended that other memory acquisition tools are used instead. Such as Volatility, of course :)
Volatile Systems reported that Guidance Software is aware of the issue, and is investigating. However, at this time there is no fix available yet and it is recommended that other memory acquisition tools are used instead. Such as Volatility, of course :)
