9.3. Task 9.3: Forcing a Memory Dump

The memory dump takes the contents of physical random access memory (RAM) and writes it to a file on the hard drive, to serve as a persistent copy for later analysis. Memory dumps may be useful for two main purposes: debugging problematic applications (not our issue here) and investigating an attack incident. As a record of what was going on in RAM, it can reveal to the trained analyst many details of the interactions among applications and between applications and the operating system. Many forms of exploit software, the type of code used in viruses, worms, Trojans, and so forth, implement code that interacts with applications and the operating system in an atypical manner. This software attempts to interact ...

Get Security Administrator Street Smarts: A Real World Guide to CompTIA Security+™ Skills, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.