We have put together a comprehensive in PDF format.
Run the Volatility imageinfo or windows.info plugin against the memory dump to identify the correct OS architecture.
Volatile vs. non-volatile data; memory acquisition techniques; pagefile analysis; process trees; code injection identification.