Friday, February 6, 2015

Belkasoft Live RAM Capture

Description
Belkasoft Live RAM Capture dumps the volatile memory of a system.


Belkasoft RAM Capturer offers forensic specialists the ability to take snapshots of the computer’s volatile memory (memory dumps) even if an anti-dumping protection is active. The supplied kernel-mode driver can successfully capture memory content of applications protecting their working set against dumping, including chats occurring in Karos and other MMORPG games.

Review
The program was very easy to download, install and run. I found it to be overall OK and would recommend using other solutions.

Pros
It was very easy to use; it has a wizard that guided me through the process.

Cons
After doing the memory dump, it wanted me to download another program (Belkasoft Evidence Center) in order to read the memory dump.

Before allowing me to download the program, it wanted to gather information such as my name and email address. After entering the information, the link was sent to my email. I found this process to be very annoying. I will have to add them to my spam filter because we all know what is coming.

Usage
Using a Windows 8.1 machine, I dumped the memory and analyzed the contents.

I downloaded and extracted the program.

After running the program, it dumped a file with a .mem extension.

After the file was created it asked me to download Belkasoft Evidence Center in order to view the dump.

Please see the Belkasoft Evidence Center tool.
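A first-pass look at the .mem file does not require Belkasoft Evidence Center. The script below is an added example, not code from the original post or from Belkasoft: it hashes the dump for chain of custody and carves e-mail addresses and URLs out of it, taking care of matches that straddle the boundaries between reads. It assumes the .mem output is an uncompressed raw image of physical memory; the patterns, the file name and the sample bytes are constructed for the example.

```python
"""Triage a raw memory image without the vendor's viewer.

Added example: this is not code from the original post or from Belkasoft.
It assumes the .mem file is a raw, uncompressed image of physical memory,
so that the bytes can be hashed and searched as-is.
"""
import hashlib
import os
import re
import tempfile

# Patterns worth pulling out during first-pass triage (chosen for this
# example; extend with case-specific terms such as a chat handle).
PATTERNS = {
    "email": re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "url": re.compile(rb"https?://[A-Za-z0-9./_%?=&-]+"),
}
CHUNK = 1 << 20    # bytes of the image scanned per step
MARGIN = 4096      # longest match that is still found intact across a chunk boundary


def sha256_file(path, chunk=CHUNK):
    """Hash the image so the copy handed to the analyst can be verified later."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def carve(path, patterns=PATTERNS, chunk=CHUNK, margin=MARGIN):
    """Return {name: [(file_offset, bytes), ...]} for every pattern.

    The image is scanned one chunk at a time. Each chunk is read with
    `margin` bytes of context on both sides, and only matches that START
    inside the chunk are kept: the left context stops a match that began
    in the previous chunk from reappearing as a truncated fragment, and the
    right context lets a match that runs past the chunk end be seen whole.
    Matches longer than `margin` may be cut short or missed at a boundary.
    """
    hits = {name: [] for name in patterns}
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        for start in range(0, size, chunk):
            lo = max(0, start - margin)
            f.seek(lo)
            buf = f.read(start - lo + chunk + margin)
            main_lo = start - lo                      # where this chunk begins in buf
            main_hi = main_lo + min(chunk, size - start)
            for name, rx in patterns.items():
                for m in rx.finditer(buf):
                    if main_lo <= m.start() < main_hi:
                        hits[name].append((lo + m.start(), m.group()))
    return hits


def triage(path, **kw):
    """Integrity hash, size and carved strings for one image."""
    return {"sha256": sha256_file(path),
            "size": os.path.getsize(path),
            "hits": carve(path, **kw)}


# Constructed stand-in for a .mem file: filler bytes around an address and a URL.
SAMPLE = (b"\x00" * 10 + b"analyst@example.com" + b"\x00" * 5
          + b"https://example.org/login?user=bob" + b"\xff" * 7)


def demo(chunk=32, margin=40):
    """Write SAMPLE to a temporary .mem file and triage it with small chunks,
    so the URL (offsets 34-67) straddles the chunk boundary at 64."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.mem")
        with open(path, "wb") as f:
            f.write(SAMPLE)
        return triage(path, chunk=chunk, margin=margin)


if __name__ == "__main__":
    r = demo()
    print(r["sha256"], r["size"])
    for name, found in r["hits"].items():
        for off, val in found:
            print(f"{name:5} 0x{off:08x} {val.decode()}")
```

Record the hash next to the capture time before the file leaves the machine, and compare the dump size with the installed RAM reported by the operating system: a file much smaller than physical memory usually means the capture was incomplete. For anything beyond string carving (process listings, open connections, injected code) the same raw image can be loaded into any memory-forensics framework that accepts raw dumps.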


Resources
http://belkasoft.com/en/
