Memory Dump Formats

Thursday, February 08, 2018 (09:05:47)

As with other storage media, volatile memory can be captured in several formats. The captured file format can vary depending on the acquisition method in use. According to Ligh et al. (2018), the most commonly used memory dump formats are:

- RAW memory dump.
- Windows crash dump.
- Windows hibernation files.
- Expert witness format (EWF).
- HPAK format.

The raw memory dump is the format most commonly used by modern analysis tools. According to Ligh et al. (2018), raw-format memory dumps do not contain headers, metadata, or magic values.
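Because a raw dump carries no signature, a triage script can only identify it by elimination after ruling out the header-bearing formats listed above. The following is an added example, not code from the article: the function names, the sample headers, and the page-aligned-size heuristic for raw images are assumptions made for illustration, and the signatures are the ones commonly documented for each format.

```python
import os

# Leading-byte signatures commonly documented for each format.
SIGNATURES = [
    (b"PAGEDU64", "Windows crash dump (64-bit)"),
    (b"PAGEDUMP", "Windows crash dump (32-bit)"),
    (b"EVF\x09\x0d\x0a\xff\x00", "Expert Witness Format (EWF)"),
    (b"HPAK", "HPAK"),
]
# Hibernation files start with one of several 4-byte tags, in either case.
HIBER_MAGICS = {b"hibr", b"wake", b"rstr"}
PAGE_SIZE = 4096  # assumption: x86/x64 small-page size


def identify_dump_format(header: bytes, file_size: int) -> str:
    """Classify a memory image from its first bytes and total size."""
    for magic, name in SIGNATURES:
        if header.startswith(magic):
            return name
    if header[:4].lower() in HIBER_MAGICS:
        return "Windows hibernation file"
    if file_size == 0:
        return "empty file"
    # A raw dump has no header, metadata, or magic value, so it cannot be
    # positively identified. Heuristic (assumption): physical memory is
    # captured in whole pages, so a raw image is a multiple of PAGE_SIZE.
    if file_size % PAGE_SIZE == 0:
        return "RAW (probable: no known signature, page-aligned size)"
    return "unknown (no signature, size not page-aligned)"


def identify_file(path: str) -> str:
    """Read only the first 16 bytes of an acquired image and classify it."""
    with open(path, "rb") as fh:
        header = fh.read(16)
    return identify_dump_format(header, os.path.getsize(path))


if __name__ == "__main__":
    # Constructed sample headers, not taken from real acquisitions.
    samples = {
        "crash64": (b"PAGEDU64" + b"\x00" * 8, 8192),
        "hiber": (b"HIBR" + b"\x00" * 12, 8192),
        "raw": (b"\x00" * 16, 4096 * 1024),
    }
    for label, (hdr, size) in samples.items():
        print(label, "->", identify_dump_format(hdr, size))
```

A "RAW (probable)" result only means nothing else matched; confirm it by loading the image in the analysis tool before relying on it.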
