DumpIt and FTK Imager
The objective of this exercise is to learn how to capture a RAM image using DumpIt and FTK Imager. Capturing a RAM image preserves volatile data. A forensic investigator will then analyze the image with Volatility to find credentials, system hashes, registry configurations, processes, dynamic link libraries, and ports opened by processes. That analysis requires a RAM image, and this exercise explains how to capture one.