Computer memory is more than just another digital data source in an investigation—it’s a potential trove of actionable intelligence. Faster than acquiring a hard drive and composed of no more than a few gigabytes (compared to potentially terabytes of data), evidence found in memory can focus and shape interviews of compliant victims, witnesses, and suspects, as well as the deeper digital forensic examination of digital media.
Using a case scenario involving the cloning of credit card / personally identifiable information (PII), this webinar will show you how to recognize the circumstances in which memory acquisition makes sense, and why it matters. With an emphasis on user activity, you’ll learn how memory analysis delivers otherwise encrypted results, including device and account passwords. Understand memory artifacts including hiberfil.sys, pagefiles, $MFT resident data, registry hives and keys, and why they matter.