Imaging RAM with Nigilant32

Nigilant32 is an incident response tool designed to capture as much information as possible from a running system with the smallest potential impact. Nigilant32 has been developed with Windows 2000, XP, and 2003 in mind, and should work fine with computers running one of those operating systems. Nigilant32 is beta software and may not work in all instances.

You can download a simple tutorials about Nigilant32 from here.

After downloading the Zip file extract to folder ( using WinRAR/WinZip )

Open Nigilant32.exe

image

image

go to Tools Menu >> Image Physical Memory

image

image

Now press Start button and provide the file path where to save.

here you can observe one thing , total RAM will be stored as .img file

image

wait for few minutes ( its depends on live windows system )

image

(here i am using 512 MB of RAM for my VM Machine ) >> OK

image

Here i saved my image file in my documents and you can observe the File imageRAM.img along with  imageRAM.txt ( contains information about Physical Memory Imaging Log )

NOTE : don’t compare with traditional dd.exe with Nigilant32

Advertisements

About this entry