Memory forensics and why it’s so important to incident response


Memory Forensics is the process of analyzing volatile data living within a computer’s memory dump. Everything in the computer system move across RAM (Random Access Memory). 

  • Processes and threads
  • Malware 
  • Network Sockets, URLs, IP Address
  • Open Files 
  • User – generated content 
  • Passwords, caches, clipboards
  • Encryption Keys 
  • Hardware and Software configuration 
  • Windows registry keys and event logs 

RAM handles communication and enables things to get done between the CPU, Operating system. There are big advantages to conducting memory analysis like identifying malicious software activitiy, analyzing and tracking recent activity on the system and also collecting evidence that cannot be found anywhere else (Super value). 

As you can see, It will be very difficult for malicious actors to get away cleanly with so many foot prints left in memory.