|
|
Belkasoft RAM Capturer
-
Version
1.0
Belkasoft RAM Capturer is a kernel-mode tool designed
to capture the content of the computer's volatile
memory in a forensically sound way. Developed by a
forensic research company, Belkasoft RAM Capturer
requires no installation and leaves as small a
footprint as theoretically possible. Coming with 32-
bit and 64-bit kernel-mode drivers, Belkasoft RAM
Capturer is able to overcome most current anti-
debugging and anti-dumping protection systems such as
nProtect GameGuard. Unlike many other memory dumping
tools operating strictly in user mode, Belkasoft RAM
Capturer works in the system's most privileged kernel
mode, being able to acquire the full content of the
computer's RAM.
Certain applications, including multi-player computer
games, communication tools, and malware implement anti-
debugging measures to actively block third-party tools
from accessing their memory sets. In mild, best-case
scenarios these proactive measures will simply cause
the memory dumping tool to read zeroes (or random
|