From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response

Unlock the full course today

Join today to access over 22,600 courses taught by industry experts or purchase this course individually.

Operating system analysis

Operating system analysis

From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response

Start my 1-month free trial

Operating system analysis

- [Instructor] Forensic examiners will often find themselves needing to dig into the inner workings of the operating system of a target system. This process is called Live Analysis, and it's unlike other types of offline analyses because you're interacting with a live system and collecting information from it that's highly volatile. If you don't collect that information quickly, it may be lost forever. One of the most volatile sources of digital forensic evidence is the contents of memory on a running system. You can use a technique called a memory dump to write the current contents of RAM to a file that may then be stored for offline analysis. Creating a memory dump is actually a fairly simple task. You'll need a memory dump tool. I'm going to use FTK Imager, the same utility that I used earlier to capture a drive image. It can perform memory dumps as well. I just click this button that looks like a memory chip, and…

Contents