Windows memory capture using the free Belkasoft Live RAM Capturer tool and DumpIt

Md. Mahim Bin Firoj
3 min read · Oct 3, 2023


Two tools work well for capturing Windows memory:

  • Belkasoft Live RAM Capturer
  • DumpIt

Let’s look at Belkasoft’s tool first, then the other one.

Go to the above link and provide your professional email address. You should then receive a download link for the tool from Belkasoft.

If you do not, contact the Belkasoft team (sales@belkasoft.com) and ask them for the download link for this product.

Both architecture versions are available.

Run the product with administrator credentials. It automatically detects how much RAM the system has to capture.

Once the capture is complete, the tool automatically saves the image, naming it with the current date in date-month-year format (read right to left). You can then analyze it with Volatility or Belkasoft's Evidence Center X product.

I am using Volatility 3 to analyze the dump.

List of all the processes. Soon I will be publishing another write-up on how to use Volatility 2 and 3, along with their commands.

Now let’s talk about the DumpIt tool.

First, download the tool from the above link.

Run the tool from a command prompt.

Press y to start the acquisition.

Once the capture is complete, you will see a new file with the .dmp extension. This is your memory image, and you can now analyze it.
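Before analysis, it is worth recording a hash and a size check for the image produced by either tool. The following is an added example, not part of the original post or of either vendor's tooling: the function name, its parameters, the 90% size threshold and the sample path are assumptions made for illustration.

```powershell
# Added example: hash a captured memory image, sanity-check its size against
# installed RAM, and write a sidecar record next to it.
function New-MemoryImageRecord {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ImagePath,  # image written by DumpIt or the Belkasoft tool
        [string] $Tool = 'unspecified',              # free-text label for the capture tool
        [double] $MinRatio = 0.9                     # assumed threshold, adjust to your process
    )

    $image = Get-Item -LiteralPath $ImagePath -ErrorAction Stop
    if ($image.Length -eq 0) { throw "Image '$ImagePath' is empty; the capture failed." }

    # Physical memory as reported by Windows. Only meaningful when this runs
    # on the same machine that was captured.
    $ramBytes = (Get-CimInstance -ClassName Win32_ComputerSystem).TotalPhysicalMemory

    # A full capture is normally about the size of RAM or larger, so a much
    # smaller file suggests a truncated capture (for example, a full target disk).
    $ratio = [math]::Round($image.Length / $ramBytes, 3)
    if ($ratio -lt $MinRatio) {
        Write-Warning "Image is only $ratio x reported RAM; check for a truncated capture."
    }

    $hash = Get-FileHash -LiteralPath $image.FullName -Algorithm SHA256

    $record = [ordered]@{
        Tool           = $Tool
        Host           = $env:COMPUTERNAME
        Examiner       = $env:USERNAME
        ImagePath      = $image.FullName
        ImageBytes     = $image.Length
        ReportedRam    = $ramBytes
        SizeToRamRatio = $ratio
        SHA256         = $hash.Hash
        ImageWritten   = $image.LastWriteTimeUtc.ToString('o')
        RecordedUtc    = (Get-Date).ToUniversalTime().ToString('o')
    }

    # Sidecar file beside the image; re-hash later and compare to show the copy is unchanged.
    $record | ConvertTo-Json | Set-Content -LiteralPath "$($image.FullName).sha256.json" -Encoding UTF8
    [pscustomobject]$record
}

# Example call; the path is a constructed placeholder.
# New-MemoryImageRecord -ImagePath 'E:\evidence\HOST01-capture.dmp' -Tool 'DumpIt'
```

Run it from the same elevated prompt right after acquisition, with the image stored on external media so the sidecar is written there rather than to the system being examined.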

If you prefer to load the output into the Comae Platform, you need to be a member of the Magnet Idea Lab.

Go to the above link (https://magnetidealab.com/) and register with your professional email ID. Once you are approved, you will be given access to the Comae platform (https://beta.comae.tech/), where you can upload your memory dump and analyze it graphically.

Thanks. I hope this blog will help you capture a Windows memory image. Please subscribe below.

LinkedIn:

https://www.linkedin.com/in/md-mahimbin-firoj-7b8a5a113/

YouTube:

https://www.youtube.com/@mahimfiroj1802/videos
