I previously wrote about using DumpIt for Windows memory captures. If all you need from a system is a memory capture, it fits the bill rather well. There have been some times where it’s given me some issues grabbing memory over 8GB. Nonetheless, what if you need to do more? Let’s say you also need to get a binary image; DumpIt can’t help you there. FTK Imager will do both and more. Today I’ll cover the memory capture piece and will visit the binary image capture at a later time. To get a capture, follow the very simple directions below.
1. Download FTK Imager from their official site at http://accessdata.com/product-download.
2. Once downloaded and installed, open the program.
3. Click ‘File’ and select ‘Capture Memory’ as depicted in the picture below.