Memory forensics is arguably the most fruitful, interesting, and provocative realm
of digital forensics. Each function performed by an operating system or application
results in specific modifications to the computer’s memory (RAM), which can often
persist a long time after the action, essentially preserving them. Additionally, memory
forensics provides unprecedented visibility into the runtime state of the system, such as
which processes were running, open network connections, and recently executed commands.
You can extract these artifacts in a manner that is completely independent of the
system you are investigating, reducing the chance that malware or rootkits can interfere
with your results. Critical data often exists exclusively in memory, such as disk encryption
keys, memory-resident injected code fragments, off-the-record chat messages, unencrypted
e‑mail messages, and non-cacheable Internet history records.

http://pan.baidu.com/s/1jGBUv2m

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法