We also offer a RAM Analysis service. In almost all computer investigations information contained in the RAM has something to offer the investigator. Most leading Police departments are now routinely capturing the RAM of a running computer at time of seizure. Subsequent analysis is often missed or is cursory as the specialist skills required are not that commonly practiced. CSITech teach a very popular memory (RAM) analysis course but find that just months later investigators have forgotten some of the skills needed to carry out a professional and complete study of the data.
As a direct result of feedback from our clients, we now offer RAM Analysis as a Service (RAaaS) to Police and other Government Agencies. It is affordable and can produce excellent evidence or intelligence that may not exist on the disk.
Consider this small sample of examples:-
- The suspect was using private browsing which may cache nothing to disk. Internet history can still be extracted from RAM.
- The suspect states that his machine was infected with a Remote Access Trojan. Only analysis of the RAM can definitively confirm or deny such a claim.
- The suspect was connected to a server but we don’t know what he was doing. We are able to carve raw network packets from a RAM dump and recreate exactly what the suspect was doing, even what he saw on the screen.
- The suspect was in an Internet café which uses DeepFreeze to reset the hard disk. The RAM will still provide significant evidence.
- You have an encrypted Keychain from an Apple OSX machine. Extraction of master keys from the Ram dump can decrypt the Keychain without the password being needed.
- You need passwords for encrypted disks, Windows logins or documents and the suspect will not disclose them. Often passwords can be found in RAM and Windows login passwords can always be exposed.
Using only investigators that actually teach Advanced RAM Analysis to Agencies across Europe we will fully examine a RAM dump for just £2995 + VAT. The report will usually be on your desk just 7 days after receipt of the data.
For urgent cases please call 07970 663160, otherwise fill out the contact form and we will get in touch as soon as possible.