Live Forensics: Pagefile
Lab Requirements
- VMware – Win7x64 Systems
- Windows Registry Editor
- Strings by Sysinternals
- AccessData FTK Imager
- Photorec
- BulkExtractor
In this demo, we will explore different ways to perform live forensics and acquire artifacts that can aid the investigator even when acquiring a memory image of the system is not feasible.
We will focus on a Windows artifact called the Pagefile.