ATC-NY's new forensics tool - Mem Marshal 1.0 - is a user-friendly, automated memory analysis system that assists and automates computer forensic investigations of volatile memory (RAM) images. Mem Marshal enables computer forensic investigators to analyze and effectively make use of information contained in volatile memory. Memory analysis produces important, case-relevant data for investigators that cannot be obtained from disk analysis, such as running applications, open files, and active network connections.
Mem Marshal enables investigators to focus and enhance time-consuming disk analysis. It reduces investigation time by using information acquired from memory images, which can be searched and analyzed quickly.
Mem Marshal follows forensic best practices and maintains a detailed log file of all activities it performs. It produces reports in RTF, PDF, and HTML formats. Mem Marshal is currently available at no cost to U.S. Law Enforcement. For more information on how to obtain a free copy visit their website at: http://www.memmarshal.com.
ATC-NY's Growing Family of Forensics Tools
Mem Marshal is part of ATC-NY's Cyber Marshal forensics products, including P2P Marshal, Live Marshal, Mac Marshal and Router Marshal, that are currently in use by U.S. law enforcement in all 50 states to investigate cyber crimes. Without automated tools, a forensic investigator's job to find evidence of illegal distribution of contraband and other crimes is manually intensive and time-consuming. These forensic tools greatly help investigators reduce the time required for the analysis process. These tools are also useful to private corporations for compliance checking. For example, a company that prohibits peer-to-peer software on its corporate systems could use P2P Marshal to confirm such compliance.
To read more about these forensics tools, visit the Cyber Marshal site at http://www.cybermarshal.com.