Memory Analysis (Part 1)

Recently being interested in forensic science and intelligence I decided to elaborate on memory analysis classification and came up with the following division:

- Memory Analysis Forensics

Answering questions related to a committed computer crime. The suspect may be a human or a software / hardware component. Incident response, troubleshooting and debugging belong to this category. Postmortem memory analysis is usually analysis of dump files saved and detached from the original system or operating conditions.

- Memory Analysis Intelligence

Monitoring memory state for behavioural and structural patterns to prevent certain events from occurring. Usually done in situ. However digital dumpster divers and spies may also collect and analyze memory data that was detached from the original computer system.

Each category can be further subdivided into:

– Functional Memory Analysis

Tracing of events.


Analysis of memory states and their evolution.

The latter can be subdivided into: 

Static Memory Analysis

Traditional memory dump analysis.

Dynamic Memory Analysis

Live debugging.

- Dmitry Vostokov @ -

One Response to “Memory Analysis (Part 1)”

  1. Crash Dump Analysis » Blog Archive » An Integral Memory Analysis Says:

    […] the introductory division of memory analysis into two broad categories I decided to plan yet another book with the following title and […]

Leave a Reply

You must be logged in to post a comment.