Imaging tools

Memory acquisition in Linux

On the command-line, use dd, the data dump tool, and/or dc3dd, the enhancement of dd. Guymager, has built-in case-management abilities and also has many functional similarities to dc3dd, but it comes as a GUI tool and may be easier to use.

Memory acquisition in Windows

On Windows, use FTK Imager (RAM and disk images) or BelkaImager (only RAM acquisition).