Tag Archives: RAM


Mac RAM Analysis Update 1

INTRODUCTION TO MAC RAM ANALYSIS UPDATE

In our previous blog post, we talked about the initial obstacle of software being outdated or nonexistent. We still needed to conduct research and determine which tools we were going to use to capture RAM on a Mac, then analyze the contents of the RAM dump to see what […]


Capturing RAM from a Locked Computer

The importance of acquiring and forensically analyzing RAM has been an exciting discovery in the digital forensics world. With a growing interest in RAM analysis, many tools have been developed to capture this volatile memory. DumpIt, RAM Capturer, and WinPmem, just to name a few, are all tools that can capture the live RAM of a system. While there are many programs out there to capture and analyze RAM, it is still a new technique that has not been perfected. RAM is very delicate as it is volatile and must be handled in a certain way. Even when handled properly, there are many limitations. One of the limitations is running a RAM capture executable on a locked computer, as you cannot run executables from a locked screen. The purpose of this project is to take RAM capturing a step further and attempt to find solutions to capture RAM from a computer that is powered on and was logged in, but is now locked.