What data can you find in RAM?
To determine if you need to collect Random Access Memory on-scene, it is useful to know what kinda of investigation-relevant data is often available in RAM.
Random Access Memory forensics starts with acquiring RAM from a live (turned on) system. There are several ways to collect the contents of RAM from a computer. Almost all of them require Live Data Forensics, a type of forensic practice that deals with computers or devices powered on, and the data is changing.
To do Live Data Forensics of any kind, you need to know how Random Access Memory works, how it changes, and how your actions on the target system will affect possible evidence in RAM (and on a hard drive).
RAM Acquisiton and Analysis Tutorial
We have a full course on Random Access Memory acqusition and forensic analysis. Use this link to get 5% off FULL COURSE on RAM Acquisition and Analysis.