Digital Forensics Tutorial [Part 8] – Live RAM Capture

Digital Forensics Digital Forensics Course

By : Bijay Acharya / studentvideotutorial 

If you are here after all of my tutorials mentioned previous, then you have clear mindset on how vast is forensics section. Here, each and every small details can lead to suspect.

Now, in this tutorial of Digital Forensics, I am going to show step by step lab on how to download Belkasoft Live RAM Capturer, how to run it and we will analyze memory dumps captured with Belkasoft Live RAM Capturer  with Live RAM Analysis in Belkasoft Evidence Center. This part of tutorial will cover downloading, running and getting live RAM dumps with the help of Live RAM Capturer. Next part will be on analyzing dumps using Belkasoft Evidence Center.

Live RAM capturer as defined in official site of Belkasoft, “Belkasoft Live RAM Capturer is a tiny free forensic tool that allows to reliably extract the entire contents of computer’s volatile memory – even if protected by an active anti-debugging or anti-dumping system. Separate 32-bit and 64-bit builds are available in order to minimize the tool’s footprint as much as possible. Memory dumps captured with Belkasoft Live RAM Capturer can be analyzed with Live RAM Analysis in Belkasoft Evidence Center. Belkasoft Live RAM Capturer is compatible with all versions and editions of Windows including XP, Vista, Windows 7, 8 and 10, 2003 and 2008 Server.”

Step 1 : Go to official site of Belkasoft for downloading Live RAM Capturer and click download (or find it)

Step 2 : Fill the form available there. And they will send download link to your email box.

Step 3 : You will get live RAM capturer in zip file. Extract that. Then you will get files inside that. Note, x86 or x64 to run depending upon your OS.

Step 4 : Run “RamCapture64.exe” (in my case its 64).

Step 5 : Define where to save result. And click “capture”, then you will get .mem dump. I’ve got .mem dump. See below.

Next step : Now, we have to analyze this .mem file. For that we need next software from belkasoft, i.e. Belkasoft Evidence Center. That’ll be in next part.

Thank You.

[display-posts category=”digital-forensics-course” include_excerpt=”true” image_size=”thumbnail”]

Leave a Reply

Your email address will not be published.