Windows Memory Forensics Tools and Accessories

CaptureGUARD Physical Memory Acquisition Hardware – ExpressCard

This is an ExpressCard device capable of imaging the physical memory of the computer it’s connected to. It creates dump files in the standard WinDD format that can be used with WindowsSCOPE or with other WinDD compatible memory dump analysis tools. It connects directly to the physical memory to read its contents. It requires a small CaptureGUARD device driver to be installed on the system for the device to be recognized and to store memory contents to file. Unlike software-based memory acquisition tools, CaptureGUARD retrieves raw memory content directly from RAM independent from the operating system which can be compromised by malware.