Posts

Showing posts from April, 2022

Extracting digital evidence using memory imaging and bulk extractor

In this quick post we are going to extract juicy info from a raw memory image. This method can help you find digital evidence on a suspect's computer. This post is not beginner friendly, so you need to be familiar with concepts like memory imaging. In short, memory imaging is the process of making a bit-by-bit copy of RAM.

Why memory imaging

Your computer's memory stores a lot of information, and information that can be recovered from a disk image can often also be recovered from memory. This helps an investigator extract a lot of sensitive information, such as runtime system activity, stored passwords, and commands and processes that were executed recently.

Why Bulk Extractor

Bulk Extractor is a really useful open source tool. It ignores the file system structure, can scan disk images, memory images, etc., and can extract email addresses, URLs, credit card details, etc. This can give an investigator a good lead in the investigation and can also help a malware analyst get Ind