Memory capture utilities

Digital forensic investigation is a field that is developing rapidly. This rapid growth demands quality tools to capture and analyze computer memory. Many utilities have been used capture and analyze computer memory. In this essay, I have provided an overview of some of the tools that are in common use in digital forensics.

RAMMap

Company: RAMMap is owned by Microsoft

Cost of License: It is available for a free download on Microsoft website.

Strengths: This utility is used to analyze physical memory on a window operating system. This utility can provide information about the usage of RAM by device drivers. Other information about RAM like kernel usage of RAM and file data cashed in RAM is also made available by this utility.

Weaknesses: Its main drawback is that Metafile, which contains NTFS metadata has to be cleaned manually.

FATKit or Forensic Analysis Toolkit

Company: It is an online open source project, meaning professionals from around the world can contribute to it.

Cost of License: FATKit is a framework that is available free of cost.

Strengths: This is a strong utility that is used by forensic professionals to extract information from physical memory in the wake of a crime. The extraction of information is automatic and can work in the extraction of data and its analysis at various levels.

Weaknesses: Its only drawback is that it can only be utilized by expert users.

Memoryze

Company: It is developed by Jamie Butler and Peter Silberman.

Cost of License: Memoryze is a free forensic analysis software.

Strengths: This software is distributed by a company known as FireEye. This utility can analyze memory images.

Weaknesses: The main drawback of this utility is that it is not so easy to learn and would require time and patience to learn it.