I had not heard about this update yet, but I was pleasantly surprised when I visited AccessData’s download site today. It appears that they have updated their FTK Imager Lite to version 2.6.1. I am not sure about all of the updates that were included, but the most important thing I do know about is that it will now acquire system memory.
If you don’t have FTK Imager Lite in your arsenal, you should reconsider why you have not obtained it yet. This tool is one of the most important tools when it comes to rapidly obtaining system information. Put this tool on a USB drive, attach it to the system you are investigating, and quickly grab system memory, the registry, system event logs, a directory listing including deleted files, and any other system file you think might help your efforts.
Now this just needs a technique to gather volatile system information such as a list of processes and network connections and you have everything you need for a full-blown system investigation. Oh, wait, system memory contains all that information. EXCELLENT!!!!! I guess you better start looking at those memory analysis tools again.
Go forth and do good things,
Don C. Weber








