ATTENTION: The new home of the Digital Forensics Wiki is at https://forensicswiki.xyz/. Yeah, it's a silly name, but it was cheap.
This wiki will be going offline permanently in the near future. An exact date will be announced soon. Thank you for being a part of this community.
If you wish to work on the new forensicswiki, please join the Google Group forensicswiki-reborn
Memory Analysis is the science of using a memory image to determine information about running programs, the operating system, and the overall state of a computer. Because the analysis is highly dependent on the operating system, we have broken it into subpages:
Various types of encryption keys can be extracted during memory analysis. You can use AESKeyFinder to extract 128-bit and 256-bit AES keys and RSAKeyFinder to extract all private and public RSA keys from a memory dump . cryptoscan.py (plugin for the Volatility memory analysis framework) scans a memory image for TrueCrypt passphrases.