Pagefile

Live Forensics: Pagefile

Lab Requirements

  •  

In this demo, we will explore different ways how to perform live forensics and acquire artifacts that can aid the investigator even though acquiring the memory image of the system is not feasible.

We will be tackling about a Windows source artifact called Pagefile.

 

Hibernation File

Live Forensics: Hibernation File

In this demo, we will explore different ways how to perform live forensics and acquire artifacts that can aid the investigator even though acquiring the memory image of the system is not feasible.

We will be tackling about a Windows source artifact that can even replace a full memory image of the system for analysis, called Hibernation File.