Chapter 4

Memory Forensics

Abstract

The chapter discusses the use of open source tools to collect memory and analyze it as part of a forensic investigation.

Keywords

operating systems

forensics

operating environments

INFORMATION INCLUDED IN THIS CHAPTER:

• Virtual memory

• Windows, Linux, Mac OS memory

• Memory extraction

• Swap space

Introduction

Data is permanently stored on what is called secondary storage, which is what we have been talking about so far – disk drives, USB flash drives, and other forms of permanent storage. However, when a computer is running and programs are using the data that has been retrieved from the disk, the programs and data are placed into primary storage or main memory. Well, it is used to be called as main memory. ...

Get Operating System Forensics now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Operating System Forensics by Ric Messier

Memory Forensics

Abstract

Keywords

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly