The main task of a computer forensics investigator is to acquire and analyze computing devices’ memory images. In a nutshell, a memory image—widely known as a forensic image—is a static snapshot of all or part of the data on a computing devices’ secondary storage (e.g., HDD, SSD), attached storage device (e.g., USB thumb drive, external hard drive, magnetic tape), or RAM memory (when performing live acquisition on running systems). We can think of this image as a container of data, where you can store individual files or ...