Absolutely, we are set up for forensic collection; however, we have not ventured too far into the realms of volatile memory, hence the question. It seems to be such a new field that none of the team had any mention of it on various degrees/postgraduate courses. We have all used Volatility and used it to give us some good hints in terms of where to look for malware on a forensic image, but that is relying on someone else providing us with the RAM capture.
I have tested out the Belkasoft tool - thanks for the recommendations, it is my favourite so far!