記憶體鑑識(Memory Forensics)

Volatility Framework : is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
https://www.volatilesystems.com/default/volatility

MANDIANT Memoryze : is free memory forensic software that helps incident responders find evil in live memory.
http://www.mandiant.com/products/free_software/memoryze/