Digital Forensic Tools from NIJ

Two new NIJ-sponsored digital forensics tools are now available to aid in investigations.

MemMarshal is a memory analysis system that assists and automates computer forensic investigations of volatile memory (RAM) images. MemMarshal enables computer forensic investigators to analyze and effectively make use of information contained in volatile memory. MemMarshal is free to law enforcement agencies. Learn more here.

Windows Memory Reader is a simple command-line utility to capture the contents of physical RAM on a suspect computer, letting an investigator gather volatile state information prior to shutting the machine down. This tool is free to all users. Learn more here.

View a list of all NIJ-sponsored tools and databases.

These tools are the result of an NIJ-funded project with Architecture Technology Corporation but are not distributed by the U.S. Department of Justice.

 
Next >






Editorial

ONE OF THE CHALLENGES of writing and editing a magazine is telling a story in a relatively small amount of space. Sometimes it seems like there is never enough room to say everything that needs to be said. I find myself making tough decisions about what parts stay and what parts go.

Read more...