Analysing Volatile Memory
Premium roomLearn how the Windows OS manages volatile data in different files on disk. Explore how to extract and analyse volatile data from those artefacts.
medium
To access material, start machines and answer questions login.
In the Windows , volatile memory stores data currently accessed or manipulated by the operating system or the user. It is termed volatile due to its transient nature. This memory type is characterized by the temporary retention of data, which is removed upon system shutdown or restart.
In this Room, we will discuss various ways Microsoft manages its volatile memory apart from the .
Learning Objectives
In this Room, we will cover the following learning objectives:
- How Windows Manages Volatile Memory
- Overview of PageFile and how to examine the pagefile
- How a volatile memory is stored once the system is hybernated.
- How to explore the Crash dump.
Pre-requisites
This Room expects users to have a basic understanding of forensics. The following rooms provide the basic knowledge needed to move forward in this Room:
Let's Dive in.
Ready to learn Cyber Security?
The Analysing Volatile Memory room is only available for premium users. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.
Already have an account? Log in