Digital Forensic Tools from NIJ

Two new NIJ-sponsored digital forensics tools are now available to aid in investigations.

MemMarshal is a memory analysis system that assists and automates computer forensic investigations of volatile memory (RAM) images. MemMarshal enables computer forensic investigators to analyze and effectively make use of information contained in volatile memory. MemMarshal is free to law enforcement agencies. Learn more here.

Windows Memory Reader is a simple command-line utility to capture the contents of physical RAM on a suspect computer, letting an investigator gather volatile state information prior to shutting the machine down. This tool is free to all users. Learn more here.

View a list of all NIJ-sponsored tools and databases.

These tools are the result of an NIJ-funded project with Architecture Technology Corporation but are not distributed by the U.S. Department of Justice.

 
Next >






Interview with an Expert

One of the more specialized areas of crime-scene investigation has to do with searching for evidence of arson. To get some background in this area, we spoke with an individual who has had more than 46 years in fire service, 24 of which have focused specifically on fire/arson investigation.

Read more...