Guest
Archived from groups: microsoft.public.windowsxp.general

I'm trying to find a utility that will allow me to dump the contents of RAM
to a file. It's actually for a computer forensic class in grad school.
Anybody know a utility that can accomplish this for WIN XP?
 
Guest

Hiberfile.sys contains the contents of RAM from the last hibernation.
Otherwise you set up a complete memory dump in Startup and recovery, and
then make Windows toss its cookies, BSOD.

Chris Coryell wrote:

> I'm trying to find a utility that will allow me to dump the contents of RAM
> to a file. It's actually for a computer forensic class in grad school.
> Anybody know a utility that can accomplish this for WIN XP?
 
Guest

Thanks for replying so quickly. I'm trying to get the contents of RAM
without rebooting the machine. Is there a way to get Windows to dump the RAM
into a file without changing the system state?

"Bob I" wrote:

> Hiberfile.sys contains the contents of RAM from the last hibernation.
> Otherwise you set up a complete memory dump in Startup and recovery, and
> then make Windows toss its cookies, BSOD.
>
> Chris Coryell wrote:
>
> > I'm trying to find a utility that will allow me to dump the contents of RAM
> > to a file. It's actually for a computer forensic class in grad school.
> > Anybody know a utility that can accomplish this for WIN XP?
>
>
 
Guest

Probably, but you would have to look for it. www.google.com

Chris Coryell wrote:

> Thanks for replying so quickly. I'm trying to get the contents of RAM
> without rebooting the machine. Is there a way to get Windows to dump the RAM
> into a file without changing the system state?
>
> "Bob I" wrote:
>
>
>>Hiberfile.sys contains the contents of RAM from the last hibernation.
>>Otherwise you set up a complete memory dump in Startup and recovery, and
>>then make Windows toss its cookies, BSOD.
>>
>>Chris Coryell wrote:
>>
>>
>>>I'm trying to find a utility that will allow me to dump the contents of RAM
>>>to a file. It's actually for a computer forensic class in grad school.
>>>Anybody know a utility that can accomplish this for WIN XP?
>>
>>
 
Guest

"Toss its cookies." cool. I suppose he could just throw in a Norton driver
that oughta do it.

--
George Hester
_______________________________
"Bob I" <birelan@yahoo.com> wrote in message
news:etBSLCIiFHA.1416@TK2MSFTNGP09.phx.gbl...
> Hiberfile.sys contains the contents of RAM from the last hibernation.
> Otherwise you set up a complete memory dump in Startup and recovery, and
> then make Windows toss its cookies, BSOD.
>
> Chris Coryell wrote:
>
> > I'm trying to find a utility that will allow me to dump the contents of RAM
> > to a file. It's actually for a computer forensic class in grad school.
> > Anybody know a utility that can accomplish this for WIN XP?
>
 

macintoshe

Oct 18, 2008
Download Helix and burn the ISO to disk. It has a Windows forensic side which will allow a RAM dump from a live system. Of course it will leave a footprint for the Helix disk and applications, but it does give the RAM dump.