Imaging RAM with Nigilant32
Nigilant32 is an incident response tool designed to capture as much information as possible from a running system with the smallest potential impact. Nigilant32 has been developed with Windows 2000, XP, and 2003 in mind, and should work fine with computers running one of those operating systems. Nigilant32 is beta software and may not work in all instances.
You can download a simple tutorial about Nigilant32 from here.
After downloading the Zip file, extract it to a folder (using WinRAR/WinZip).
Open Nigilant32.exe.
Go to the Tools menu >> Image Physical Memory.
Now press the Start button and provide the file path where the image should be saved.
Note one thing here: the total RAM will be stored as a .img file.
Wait a few minutes (how long depends on the live Windows system).
(Here I am using 512 MB of RAM for my VM.) >> OK
Here I saved my image file in My Documents, and you can see the file imageRAM.img along with imageRAM.txt (which contains the Physical Memory Imaging log).
NOTE: Don't compare traditional dd.exe with Nigilant32.
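Once the image is saved, it is worth recording its hash and checking its size before any analysis. The script below is an added example, not part of the original post or of Nigilant32; the function name `summarize_image` and the 4096-byte page size are assumptions, and it is meant to run on the analysis workstation against a copy of imageRAM.img.

```python
import hashlib
import os

PAGE_SIZE = 4096  # assumed x86 page size; used only for the zero-page count


def summarize_image(path, expected_bytes=None, page_size=PAGE_SIZE):
    """Hash a raw memory image and report basic sanity figures.

    Returns a dict with the file size, SHA-256 digest, number of pages read,
    number of all-zero pages, and whether the size matches expected_bytes
    (None when no expectation was given).
    """
    sha256 = hashlib.sha256()
    zero_page = bytes(page_size)
    pages = zero_pages = 0
    with open(path, "rb") as f:
        while True:
            chunk = f.read(page_size)
            if not chunk:
                break
            sha256.update(chunk)
            pages += 1
            # A short final chunk is compared against a zero run of equal length.
            if chunk == zero_page[:len(chunk)]:
                zero_pages += 1
    size = os.path.getsize(path)
    return {
        "path": path,
        "size_bytes": size,
        "sha256": sha256.hexdigest(),
        "pages": pages,
        "zero_pages": zero_pages,
        "size_matches": None if expected_bytes is None else size == expected_bytes,
    }


if __name__ == "__main__":
    import sys
    # Usage: python summarize_image.py imageRAM.img 512   (size in MB, optional)
    expected = int(sys.argv[2]) * 1024 * 1024 if len(sys.argv) > 2 else None
    for key, value in summarize_image(sys.argv[1], expected).items():
        print(f"{key}: {value}")
```

A `zero_pages` count close to `pages` suggests the capture did not read real memory, and the SHA-256 value can be stored alongside imageRAM.txt so later copies can be checked against it.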
About this entry
You’re currently reading “Imaging RAM with Nigilant32,” an entry on th3d1g1t
- Published: December 6, 2011 / 6:39 pm
- Category: Forensics, Information Security, Malware, Security