less than 1 minute read

Random Access Memory forensics starts with acquiring RAM from a live (turned on) system. There are several ways to collect the contents of RAM from a computer. Almost all of them require Live Data Forensics, a type of forensic practice that deals with computers or devices powered on, and the data is changing.

To do Live Data Forensics of any kind, you need to know how Random Access Memory works, how it changes, and how your actions on the target system will affect possible evidence in RAM (and on a hard drive).