I previously wrote about using DumpIt for Windows memory captures. If all you need from a system is a memory capture, it fits the bill rather well. There have been some times where it’s given me some issues grabbing memory over 8GB. Nonetheless, what if you need to do more? Let’s say you also need a binary image; DumpIt can’t help you there. FTK Imager will do both and more. Today I’ll cover the memory capture piece and will revisit the binary image capture at a later time. To get a capture, follow the very simple directions below.
1. Download FTK Imager from their official site at http://accessdata.com/product-download.
2. Once downloaded and installed, open the program.
3. Click ‘File’ and select ‘Capture Memory’ as depicted in the below picture.
4. When the next screen appears, click Browse as depicted below to select the destination of your memory capture and then click ‘Ok’.
5. You can change the name of your memory capture or leave it as the program default. Once complete, click ‘Capture Memory’.
6. The memory capture begins as depicted below.
7. Once complete, the program will say so, as depicted below.