Tuesday, September 3, 2013

[Forensics] Memory Analysis

I haven't written on the blog in the past few days as I've been busy studying memory analysis. I highly recommend that anyone who wants to explore memory forensics further read the SANS blog -

SANS Computer Forensics Blog.


I've been certified as a GCFA since 2005, and the memory analysis in the new course material is much more in depth.

I'll only highlight the stages of memory analysis here:

1. Identify Rogue Processes
2. Analyze Process DLLs and Handles
3. Review Network Artifacts
4. Look for Evidence of Code Injection
5. Check for Signs of a Rootkit
6. Acquire Processes and Drivers
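As an added illustration of the first stage (this is my own example, not code from the SANS course or from any memory-forensics tool), the script below runs the usual "know normal, find evil" checks over a process listing of the kind a tool like Volatility's pslist would give you: is the parent what it should be, does the image live where it should, are there more copies of a singleton process than there should be, and does a name mimic a core process. The baseline table of core Windows processes and the sample listing are both assumptions constructed for this post, not output from a real image.

```python
"""Stage 1 of memory analysis: identify rogue processes in a process listing.

Added example. BASELINE is an assumed table of core Windows processes (Windows
7 era); SAMPLE is a constructed listing, not output from a real memory image.
"""
import ntpath
from collections import Counter
from dataclasses import dataclass


@dataclass
class Proc:
    pid: int
    ppid: int
    name: str
    path: str


# name -> (allowed parent names, expected image directory, max instances).
# None in the parent set means "parent no longer running" is acceptable
# (smss.exe and userinit.exe exit after spawning their children).
# None as max instances means any count is acceptable.
BASELINE = {
    "system":       ({None},                 "",                      1),
    "smss.exe":     ({"system"},             r"c:\windows\system32",  1),
    "csrss.exe":    ({None},                 r"c:\windows\system32",  None),
    "wininit.exe":  ({None},                 r"c:\windows\system32",  1),
    "services.exe": ({"wininit.exe"},        r"c:\windows\system32",  1),
    "lsass.exe":    ({"wininit.exe"},        r"c:\windows\system32",  1),
    "svchost.exe":  ({"services.exe"},       r"c:\windows\system32",  None),
    "explorer.exe": ({"userinit.exe", None}, r"c:\windows",           None),
}


def levenshtein(a, b):
    """Edit distance, used to catch lookalike names such as scvhost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_rogue(procs):
    """Return (pid, name, reason) findings for processes that break the baseline."""
    by_pid = {p.pid: p for p in procs}
    counts = Counter(p.name.lower() for p in procs)
    findings = []
    for p in procs:
        name = p.name.lower()
        if name not in BASELINE:
            # Not a core process: only check whether the name mimics one.
            for known in BASELINE:
                if known != "system" and 0 < levenshtein(name, known) <= 2:
                    findings.append((p.pid, p.name, f"name mimics {known}"))
            continue
        parents, exp_dir, max_inst = BASELINE[name]
        parent = by_pid.get(p.ppid)
        parent_name = parent.name.lower() if parent else None
        if parent_name not in parents:
            findings.append((p.pid, p.name, f"unexpected parent {parent_name or 'none'}"))
        if exp_dir and ntpath.dirname(p.path.lower()) != exp_dir:
            findings.append((p.pid, p.name, f"unexpected path {p.path}"))
        if max_inst is not None and counts[name] > max_inst:
            findings.append((p.pid, p.name, f"{counts[name]} instances, expected at most {max_inst}"))
    return findings


# Constructed sample listing: three planted rogues among normal core processes.
SAMPLE = [
    Proc(4, 0, "System", ""),
    Proc(264, 4, "smss.exe", r"C:\Windows\System32\smss.exe"),
    Proc(340, 332, "csrss.exe", r"C:\Windows\System32\csrss.exe"),      # parent smss exited
    Proc(380, 332, "wininit.exe", r"C:\Windows\System32\wininit.exe"),
    Proc(476, 380, "services.exe", r"C:\Windows\System32\services.exe"),
    Proc(484, 380, "lsass.exe", r"C:\Windows\System32\lsass.exe"),
    Proc(600, 476, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    Proc(1204, 1188, "explorer.exe", r"C:\Windows\explorer.exe"),        # parent userinit exited
    Proc(1888, 1204, "svchost.exe", r"C:\Users\bob\AppData\Local\Temp\svchost.exe"),  # wrong parent, wrong path
    Proc(2012, 1204, "lsass.exe", r"C:\Windows\lsass.exe"),              # second lsass, wrong parent/path
    Proc(2100, 600, "scvhost.exe", r"C:\Windows\System32\scvhost.exe"),  # lookalike name
]

if __name__ == "__main__":
    for pid, name, reason in find_rogue(SAMPLE):
        print(f"{pid:>5} {name:<14} {reason}")
```

Both lsass.exe instances are reported for the instance-count check, which is deliberate: the listing alone does not tell you which copy is the real one, so the analyst should look at both before moving on to the DLL, handle and injection stages.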

These stages opened my eyes to the fact that not all evidence can be found in a dead forensic image; some of it can only be retrieved from memory, especially volatile registry hives. Some malware takes advantage of memory space to compromise PCs without ever touching the disk, and all of that volatile data is gone once the PC is powered off. I'll provide more details in coming posts.