Windows Memory Forensics Tools and Accessories

CaptureGUARD Physical Memory Acquisition Hardware – PCIe Add-on

This is a PCI Express add-on device* capable of imaging the physical memory of the computer it is connected to. It connects directly to physical memory to read its contents and creates dump files in the standard WinDD format, which can be used with WindowsSCOPE or with other WinDD-compatible dump analysis tools. A small CaptureGUARD driver must be installed on the system for the device to be recognized and to store memory contents to a file. Unlike software-based memory acquisition tools, CaptureGUARD retrieves raw memory content directly from RAM, independently of the operating system, which can be compromised by malware.

* The PCIe add-on solution can also take the form of an ExpressCard with a PCIe adapter.