Windows memory forensics

  • Ruff N
  • 35


    Mendeley users who have this article in their library.
  • 18


    Citations of this article.


This paper gives an overviewof all known “live” memory collection techniques on a Windows system, and freely available memory analysis tools. Limitations and knownanti-collection techniques will alsobereviewed. Anal- ysis techniques will be illustrated through some practical examples, drawn from past forensics challenges. This paper is forensics-oriented, but the information provided informa- tion will also be of interest to malware analysts fighting against stealth rootkits.

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document


  • Nicolas Ruff

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free