Digital Forensic Tools from NIJ

Two new NIJ-sponsored digital forensics tools are now available to aid in investigations.

MemMarshal is a memory analysis system that assists and automates computer forensic investigations of volatile memory (RAM) images. MemMarshal enables computer forensic investigators to analyze and effectively make use of information contained in volatile memory. MemMarshal is free to law enforcement agencies. Learn more here.

Windows Memory Reader is a simple command-line utility to capture the contents of physical RAM on a suspect computer, letting an investigator gather volatile state information prior to shutting the machine down. This tool is free to all users. Learn more here.

View a list of all NIJ-sponsored tools and databases.

These tools are the result of an NIJ-funded project with Architecture Technology Corporation but are not distributed by the U.S. Department of Justice.

Next >

Lifting Latent Fingerprints from Difficult Surfaces

ALMOST ANYONE can find, process, and lift a latent print that happens to be in a logical and obvious place like a door handle, a beer can, or a butcher knife. But sometimes, a latent print is not just sitting there in a logical and obvious place. Sometimes, you have to use your imagination to find the print and your skills to lift it.