0

What is the simplest or most common method to read a value, for example a text, from the RAM of a personal computer? What access requirements are necessary for this? Is a search in a hex dump always required or are there shorter ways?

BeloumiX
  • 246
  • 1
  • 5

1 Answer

1

Since you tagged this question as "cold boot attack" and "forensics", I presume you're asking about a physical memory dump.

These dumps are usually acquired by something like pcileech, using a special hardware device as an interface to the target system's memory. You may also acquire a memory dump from a crash dump or some other forensic tool. Generally you're copying the entire contents of physical memory into a dump file for later analysis.

Once you've got a memory dump, it's possible to just search through it using a hex editor, but generally people use tools like volatility to analyse them. This provides much more information about the state of the system, since it can parse various operating system structures.

Polynomial
  • 132,208
  • 43
  • 298
  • 379
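A worked example of the "search the dump for text" route the answer mentions, added by the editor and not part of the original answer or of any tool named in it. It scans a raw memory dump for printable runs in both ASCII and UTF-16LE (Windows keeps much of its user-visible text in UTF-16, so an ASCII-only hex search misses it), searches for one specific string in both encodings, and streams a large dump file in chunks so a match straddling a chunk boundary is still found exactly once. The sample dump bytes and all function names are constructed for this example.

```python
import io
import re
from typing import BinaryIO, NamedTuple


class Hit(NamedTuple):
    offset: int     # byte offset into the dump
    encoding: str   # "ascii" or "utf-16le"
    text: str


# Printable-ASCII run of at least N bytes: what `strings` or a hex editor's
# text search would show you.
_ASCII_RUN = rb"[\x20-\x7e]{%d,}"
# UTF-16LE run: a printable ASCII char followed by a NUL, at least N times.
_UTF16_RUN = rb"(?:[\x20-\x7e]\x00){%d,}"


def extract_strings(dump: bytes, min_len: int = 6) -> list[Hit]:
    """Every printable run of min_len+ characters, in both encodings, sorted by offset."""
    hits = [Hit(m.start(), "ascii", m.group().decode("ascii"))
            for m in re.finditer(_ASCII_RUN % min_len, dump)]
    hits += [Hit(m.start(), "utf-16le", m.group().decode("utf-16le"))
             for m in re.finditer(_UTF16_RUN % min_len, dump)]
    return sorted(hits)


def find_text(dump: bytes, needle: str) -> list[Hit]:
    """Locate every occurrence of needle, encoded as ASCII and as UTF-16LE."""
    hits = []
    for enc in ("ascii", "utf-16le"):
        pat = needle.encode(enc)
        start = 0
        while (i := dump.find(pat, start)) != -1:
            hits.append(Hit(i, enc, needle))
            start = i + 1
    return sorted(hits)


def find_text_in_stream(fh: BinaryIO, needle: str, chunk_size: int = 64 << 20) -> list[Hit]:
    """find_text() for a dump too large to hold in memory.

    Reads the file in chunks and carries the last len(pattern)-1 bytes across
    each boundary, so a match that straddles two chunks is found, and found
    only once.
    """
    if not needle:
        raise ValueError("needle must be non-empty")
    patterns = [(enc, needle.encode(enc)) for enc in ("ascii", "utf-16le")]
    carry_len = max(len(p) for _, p in patterns) - 1
    hits, pos, carry = [], 0, b""
    while data := fh.read(chunk_size):
        buf = carry + data
        buf_base = pos - len(carry)
        for enc, pat in patterns:
            start = 0
            while (i := buf.find(pat, start)) != -1:
                # A match lying entirely inside the carried bytes was already
                # reported while scanning the previous chunk; skip it.
                if i + len(pat) > len(carry):
                    hits.append(Hit(buf_base + i, enc, needle))
                start = i + 1
        pos += len(data)
        carry = buf[-carry_len:] if carry_len else b""
    return sorted(hits)


# Constructed sample "dump": padding, header-like bytes, an ASCII string,
# filler, a UTF-16LE string, and a run too short to count as a string.
SAMPLE_DUMP = (
    b"\x00" * 16
    + b"MZ\x90\x00\x03\x00\x00\x00"                # 2 printable chars, below min_len
    + b"cleartext note in RAM\x00"                  # ASCII text at offset 24
    + b"\xff" * 8
    + "Notepad draft: hello".encode("utf-16le")     # UTF-16LE text at offset 54
    + b"\x00" * 8
    + b"\x01\x02ab\x03"
)


def search_sample_chunked(needle: str, chunk_size: int = 7) -> list[Hit]:
    """Run the streaming search over the sample with a tiny chunk size to exercise boundaries."""
    return find_text_in_stream(io.BytesIO(SAMPLE_DUMP), needle, chunk_size)


if __name__ == "__main__":
    for h in extract_strings(SAMPLE_DUMP):
        print(f"{h.offset:#08x} {h.encoding:8} {h.text!r}")
    print(find_text(SAMPLE_DUMP, "hello"))
    print(search_sample_chunked("hello"))
```

This is exactly what a hex-editor or `strings` search gives you: the bytes and their offsets, with no idea which process owned them or whether they were live or freed. That gap is the reason the structure-aware route (Volatility parsing the OS's process and memory-management structures) is the shorter way once you know what you are looking for.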