Learning Network Forensics by Samir Datt

Acquiring memory using FTK Imager

Memory is a very important source of evidence in an investigation. All activities that happen on a system are usually reflected in its memory at that time.

The following is a step-by-step guide to acquiring a system's volatile memory using FTK Imager.

This can be downloaded for free at http://accessdata.com/product-download.

  1. Run FTK Imager as an administrator.
  2. Click on the File menu and select Capture Memory.
  3. Browse the destination ...
