NY, USA - ATC-NY's new computer forensic tool, Windows Memory Reader, is a simple command-line utility to capture the contents of physical RAM on a suspect computer, letting an investigator gather volatile state information prior to shutting the machine down. Results are stored in a Windows crash dump or raw binary file for later off-line analysis by the investigator. Researchers can also use Windows Memory Reader to capture memory-mapped device data, such as shared video memory.
Windows Memory Reader supports Windows XP through Windows 8, both 32-bit and 64-bit versions. Windows Memory Reader was developed as part of the Mem Marshal project, sponsored by the National Institute of Justice.
ATC-NY's Growing Family of Forensics Tools
Windows Memory Reader is one of ATC-NY's Cyber Marshal forensic products, which include P2P Marshal, Live Marshal, Mac Marshal and Router Marshal and are currently in use by U.S. law enforcement in all 50 states to investigate cyber crimes. Without automated tools, a forensic investigator's job of finding evidence of illegal distribution of contraband and other crimes is manually intensive and time-consuming. These forensic tools greatly reduce the time investigators need for the analysis process. They are also useful to private corporations for compliance checking. For example, a company that prohibits peer-to-peer software on its corporate systems could use P2P Marshal to confirm such compliance.