{"id":15920,"date":"2022-09-10T15:31:50","date_gmt":"2022-09-10T11:01:50","guid":{"rendered":"https:\/\/liangroup.net\/blog\/?p=15920"},"modified":"2022-09-10T15:59:55","modified_gmt":"2022-09-10T11:29:55","slug":"ram-in-forensics","status":"publish","type":"post","link":"https:\/\/liangroup.net\/blog\/ram-in-forensics\/","title":{"rendered":"\u0631\u0645 \u062f\u0631 \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"15920\" class=\"elementor elementor-15920\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1cf9143 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1cf9143\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6107b4e\" data-id=\"6107b4e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fedd0a5 elementor-widget elementor-widget-text-editor\" data-id=\"fedd0a5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0642\u0635\u062f \u062f\u0627\u0631\u06cc\u0645 \u0628\u0647 \u0628\u0631\u0631\u0633\u06cc \u0631\u0645 \u062f\u0631 \u0641\u0631\u0622\u06cc\u0646\u062f \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 \u0628\u067e\u0631\u062f\u0627\u0632\u06cc\u0645. 
\u0628\u0647 \u0635\u0648\u0631\u062a \u06a9\u0644\u06cc 2 \u0646\u0648\u0639 \u0631\u0633\u0627\u0646\u0647 \u0630\u062e\u06cc\u0631\u0647\u200c\u0633\u0627\u0632\u06cc \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f:<\/p><ol><li>\u0641\u0631\u0627\u0631 (volatile)<\/li><li>\u063a\u06cc\u0631\u0641\u0631\u0627\u0631(Non-volatile)<\/li><\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1d5405b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1d5405b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-b2c549b\" data-id=\"b2c549b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e981033 elementor-widget elementor-widget-image\" data-id=\"e981033\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"429\" height=\"429\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/2.jpg\" class=\"attachment-large size-large wp-image-15923\" alt=\"\u0631\u0645\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/2.jpg 429w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/2-300x300.jpg 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/2-150x150.jpg 150w\" sizes=\"(max-width: 429px) 100vw, 429px\" 
\/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-2292b9c\" data-id=\"2292b9c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7f097d7 elementor-widget elementor-widget-image\" data-id=\"7f097d7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"429\" height=\"429\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/1.jpg\" class=\"attachment-large size-large wp-image-15922\" alt=\"\u0647\u0627\u0631\u062f \u062f\u06cc\u0633\u06a9\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/1.jpg 429w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/1-300x300.jpg 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/1-150x150.jpg 150w\" sizes=\"(max-width: 429px) 100vw, 429px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4f6fcd0 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4f6fcd0\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-714496f\" data-id=\"714496f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element 
elementor-element-b2cb13d elementor-widget elementor-widget-text-editor\" data-id=\"b2cb13d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">\u0647\u0627\u0631\u062f \u062f\u06cc\u0633\u06a9\u200c\u0647\u0627 (\u0645\u06a9\u0627\u0646\u06cc\u06a9\u06cc \u0648 \u062d\u0627\u0644\u062a \u062c\u0627\u0645\u062f (Solid State))\u060c \u062f\u0631\u0627\u06cc\u0648\u0647\u0627\u06cc \u0641\u0644\u0634 \u0648 \u06a9\u0627\u0631\u062a\u200c\u0647\u0627\u06cc \u062d\u0627\u0641\u0638\u0647\u060c \u0647\u0645\u06af\u06cc \u0631\u0633\u0627\u0646\u0647\u200c\u0647\u0627\u06cc \u0630\u062e\u06cc\u0631\u0647\u200c\u0633\u0627\u0632\u06cc \u063a\u06cc\u0631\u0641\u0631\u0627\u0631 \u0647\u0633\u062a\u0646\u062f \u0648 \u062d\u062a\u06cc \u0648\u0642\u062a\u06cc \u062c\u0631\u06cc\u0627\u0646 \u0628\u0631\u0642 \u0628\u0647 \u062a\u0631\u0627\u0634\u0647\u200c\u0647\u0627\u06cc \u0627\u06cc\u0646 \u0646\u0648\u0639 \u0631\u0633\u0627\u0646\u0647\u200c\u0647\u0627 \u0642\u0637\u0639 \u0634\u0648\u062f\u060c \u062f\u06cc\u062a\u0627\u0647\u0627\u06cc \u0645\u0648\u062c\u0648\u062f \u062f\u0631 \u0622\u0646\u0647\u0627 \u0627\u0632 \u0628\u06cc\u0646 \u0646\u0645\u06cc\u200c\u0631\u0648\u062f.<\/p><p style=\"text-align: justify;\">\u0646\u0648\u0639 \u062f\u06cc\u06af\u0631\u06cc \u0627\u0632 \u0631\u0633\u0627\u0646\u0647\u200c\u0647\u0627\u06cc \u0630\u062e\u06cc\u0631\u0647\u200c\u0633\u0627\u0632\u06cc \u0631\u0645\u200c\u0647\u0627 (Random-Access Memory) \u0647\u0633\u062a\u0646\u062f \u06a9\u0647 \u0641\u0631\u0627\u0631\u0646\u062f \u0648 \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u0645\u0648\u062c\u0648\u062f \u062f\u0631 \u0622\u0646\u0647\u0627 \u0628\u0647 \u0647\u0646\u06af\u0627\u0645 \u0642\u0637\u0639 \u0628\u0627\u0631 \u0627\u0644\u06a9\u062a\u0631\u06cc\u06a9\u06cc \u06cc\u0627 \u062c\u0631\u06cc\u0627\u0646 
\u0628\u0631\u0642 \u0627\u0632 \u0628\u06cc\u0646 \u0645\u06cc\u200c\u0631\u0648\u0646\u062f \u0648 \u062f\u0631 \u0639\u06cc\u0646 \u062d\u0627\u0644\u06cc \u06a9\u0647 \u0633\u0631\u06cc\u0639\u200c\u062a\u0631\u06cc\u0646\u200c\u0627\u0646\u062f, \u0628\u06cc\u200c\u062b\u0628\u0627\u062a\u200c\u062a\u0631\u06cc\u0646 \u0646\u06cc\u0632 \u0647\u0633\u062a\u0646\u062f. \u0627\u06af\u0631\u0686\u0647 \u0647\u0627\u0631\u062f\u0647\u0627\u06cc SSD \u0628\u0647\u0628\u0648\u062f\u0647\u0627\u06cc \u0686\u0634\u0645\u200c\u06af\u06cc\u0631\u06cc \u062f\u0631 \u0633\u0631\u0639\u062a \u0648 \u0632\u0645\u0627\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u062f\u0627\u062f\u0647\u200c\u0647\u0627 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0631\u062f\u0647\u200c\u0627\u0646\u062f \u0648 \u0647\u0645\u0686\u0646\u0627\u0646 \u0627\u06cc\u062c\u0627\u062f \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f\u060c \u0627\u0645\u0627 \u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644 \u0631\u0645\u200c\u0647\u0627 \u062f\u0631 \u0635\u062f\u0631 \u0646\u0634\u0633\u062a\u0647 \u0648 \u0628\u0627\u0644\u0627\u062a\u0631\u06cc\u0646 \u0633\u0631\u0639\u062a \u0631\u0627 \u0628\u06cc\u0646 \u0631\u0633\u0627\u0646\u0647\u200c\u0647\u0627\u06cc \u0630\u062e\u06cc\u0631\u0647\u200c\u0633\u0627\u0632\u06cc \u062f\u0627\u0631\u0646\u062f.<\/p><h4 style=\"text-align: justify;\">\u0627\u0647\u0645\u06cc\u062a \u0631\u0645 \u062f\u0631 \u0641\u0631\u0622\u06cc\u0646\u062f \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9:<\/h4><p style=\"text-align: justify;\">\u0628\u0647 \u0637\u0648\u0631 \u0633\u0646\u062a\u06cc\u060c \u062f\u06cc\u062c\u06cc\u062a\u0627\u0644 \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 (\u062c\u0631\u0645 \u0634\u0646\u0627\u0633\u06cc \u062f\u06cc\u062c\u06cc\u062a\u0627\u0644\u06cc) \u0628\u0631 \u0631\u0648\u06cc \u0645\u0635\u0646\u0648\u0639\u0627\u062a \u0648\u0627\u0642\u0639 \u062f\u0631 \u062f\u0633\u062a\u06af\u0627\u0647\u200c\u0647\u0627\u06cc 
\u0630\u062e\u06cc\u0631\u0647\u200c\u0633\u0627\u0632\u06cc \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u06a9\u0627\u0645\u067e\u06cc\u0648\u062a\u0631\u06cc\u060c \u062a\u0644\u0641\u0646\u200c\u0647\u0627\u06cc \u0647\u0645\u0631\u0627\u0647\u060c \u062f\u0648\u0631\u0628\u06cc\u0646\u200c\u0647\u0627\u06cc \u062f\u06cc\u062c\u06cc\u062a\u0627\u0644 \u0648 \u0633\u0627\u06cc\u0631 \u062f\u0633\u062a\u06af\u0627\u0647\u200c\u0647\u0627\u06cc \u0627\u0644\u06a9\u062a\u0631\u0648\u0646\u06cc\u06a9\u06cc \u062a\u0645\u0631\u06a9\u0632 \u0645\u06cc\u200c\u06a9\u0631\u062f. \u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c \u062f\u0631 \u062f\u0647\u0647 \u06af\u0630\u0634\u062a\u0647\u060c \u0645\u062d\u0642\u0642\u0627\u0646 \u062a\u0639\u062f\u0627\u062f\u06cc \u0627\u0628\u0632\u0627\u0631 \u0642\u062f\u0631\u062a\u0645\u0646\u062f \u0645\u0645\u0648\u0631\u06cc \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0631\u062f\u0647\u200c\u0627\u0646\u062f \u06a9\u0647 \u062f\u0627\u0645\u0646\u0647 \u062f\u06cc\u062c\u06cc\u062a\u0627\u0644 \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 \u0631\u0627 \u06af\u0633\u062a\u0631\u0634 \u062f\u0627\u062f\u0647 \u0648 \u0634\u0627\u0645\u0644 \u0628\u0631\u0631\u0633\u06cc \u062d\u0627\u0641\u0638\u0647 \u0641\u0631\u0627\u0631 \u0646\u06cc\u0632 \u0645\u06cc\u200c\u0634\u0648\u062f.<\/p><p style=\"text-align: justify;\">\u0627\u0646\u0648\u0627\u0639 \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u062c\u0627\u0644\u0628\u06cc \u0631\u0648\u06cc \u0631\u0645 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06a9\u0647 \u0628\u0647 \u0647\u0646\u06af\u0627\u0645 \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u0645\u0635\u0646\u0648\u0639\u0627\u062a \u062e\u06cc\u0644\u06cc \u0645\u0647\u0645 \u0628\u0647 \u0634\u0645\u0627\u0631 \u0645\u06cc \u0622\u06cc\u0646\u062f. 
\u0631\u0645\u0632\u0647\u0627\u06cc \u0648\u0631\u0648\u062f, \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u06a9\u0627\u0631\u0628\u0631, \u067e\u0631\u0627\u0633\u0633 \u0648 \u0641\u0631\u0622\u06cc\u0646\u062f\u0647\u0627\u06cc \u067e\u0646\u0647\u0627\u0646 \u062f\u0631 \u062d\u0627\u0644 \u0627\u062c\u0631\u0627 \u0648 &#8230; . \u0627\u06cc\u0646\u200c\u0647\u0627 \u062a\u0646\u0647\u0627 \u0628\u0631\u062e\u06cc \u0627\u0632 \u0627\u0646\u0648\u0627\u0639 \u062f\u06cc\u062a\u0627 \u0648 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0645\u0647\u0645 \u0648 \u062c\u0627\u0644\u0628\u06cc \u0647\u0633\u062a\u0646\u062f \u06a9\u0647 \u0627\u0632 \u0631\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0647 \u062f\u0633\u062a \u0622\u0648\u0631\u062f\u060c \u0628\u0647 \u0647\u0645\u06cc\u0646 \u062f\u0644\u06cc\u0644 \u06cc\u06a9\u06cc \u0627\u0632 \u0645\u0647\u0645\u200c\u062a\u0631\u06cc\u0646 \u0648 \u0645\u062d\u0628\u0648\u0628\u200c\u062a\u0631\u06cc\u0646 \u0645\u0646\u0627\u0628\u0639 \u0628\u0631\u0627\u06cc \u062c\u0631\u0645\u200c\u0634\u0646\u0627\u0633\u06cc \u0648 \u0622\u0646\u0627\u0644\u06cc\u0632 \u0628\u062f\u0627\u0641\u0632\u0627\u0631 \u0645\u06cc\u200c\u0628\u0627\u0634\u062f.<\/p><p style=\"text-align: justify;\">\u0628\u0627 \u062a\u0648\u062c\u0647 \u0628\u0647 \u0627\u06cc\u0646\u06a9\u0647 \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc RAM \u0641\u0631\u0627\u0631 \u0648 \u0628\u0633\u06cc \u0628\u06cc\u200c\u062b\u0628\u0627\u062a\u200c\u0627\u0646\u062f\u060c \u0628\u0627\u06cc\u062f \u0628\u0627 \u0627\u0648\u0644\u0648\u06cc\u062a \u0628\u0627\u0644\u0627\u06cc\u06cc \u062d\u0641\u0638 \u0634\u0648\u0646\u062f\u060c \u0632\u06cc\u0631\u0627 \u062f\u0627\u062f\u0647\u200c\u0647\u0627 \u0628\u0627 \u06a9\u0645\u200c\u062a\u0631\u06cc\u0646 \u0627\u0644\u06a9\u062a\u0631\u06cc\u0633\u06cc\u062a\u0647 \u0633\u0627\u06a9\u0646 \u06cc\u0627 \u06a9\u0648\u0686\u06a9\u200c\u062a\u0631\u06cc\u0646 
\u067e\u0631\u0627\u0633\u0633 \u0627\u0636\u0627\u0641\u06cc \u0627\u06cc\u062c\u0627\u062f \u0634\u062f\u0647 \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645\u200c\u0639\u0627\u0645\u0644 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0627\u0632 \u0628\u06cc\u0646 \u0628\u0631\u0648\u0646\u062f. \u062a\u06a9\u0646\u06cc\u06a9\u200c\u0647\u0627\u06cc \u0645\u0645\u0648\u0631\u06cc \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 \u0627\u0632 \u062c\u0633\u062a\u062c\u0648\u0647\u0627\u06cc \u0631\u0634\u062a\u0647\u200c\u0627\u06cc \u0633\u0627\u062f\u0647 \u0628\u0647 \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u0639\u0645\u06cc\u0642 \u0648 \u0633\u0627\u062e\u062a\u0627\u0631 \u06cc\u0627\u0641\u062a\u0647 \u062f\u06cc\u062a\u0627\u06cc \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0647\u0627 \u0648 \u06a9\u0631\u0646\u0644 (\u0647\u0633\u062a\u0647) \u0633\u06cc\u0633\u062a\u0645\u200c\u0639\u0627\u0645\u0644\u200c\u0647\u0627 \u0648 \u0628\u0631\u062e\u06cc \u067e\u0644\u062a\u0641\u0631\u0645\u200c\u0647\u0627 \u062a\u06a9\u0627\u0645\u0644 \u06cc\u0627\u0641\u062a\u0647 \u0627\u0633\u062a.<\/p><p style=\"text-align: justify;\">\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0628\u0627 \u0627\u0646\u062c\u0627\u0645 \u0627\u0646\u0627\u0644\u06cc\u0632\u06cc \u0633\u0627\u062f\u0647 \u0647\u062f\u0641 \u062f\u0631 \u062a\u0631\u0633\u06cc\u0645 \u062a\u0635\u0648\u0631\u06cc \u0627\u0632 \u0645\u0645\u0648\u0631\u06cc \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 \u0631\u0627 \u062f\u0627\u0631\u06cc\u0645.<\/p><p style=\"text-align: justify;\">\u00a0\u0628\u0647 \u0635\u0648\u0631\u062a \u06a9\u0644\u06cc \u0648 \u062e\u0644\u0627\u0635\u0647 3 \u0645\u0631\u062d\u0644\u0647 \u0631\u0627 \u0628\u0647 \u0634\u0631\u062d \u0632\u06cc\u0631 \u0637\u06cc \u062e\u0648\u0627\u0647\u06cc\u0645 \u06a9\u0631\u062f:<\/p><ul><li style=\"text-align: justify;\">Memory Imaging(Dump)<\/li><li style=\"text-align: justify;\">Dump Analysis<\/li><li 
style=\"text-align: justify;\">Reporting<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-45d9a46 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"45d9a46\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8d3ac2c\" data-id=\"8d3ac2c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f88dc47 elementor-widget elementor-widget-text-editor\" data-id=\"f88dc47\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h5 style=\"text-align: justify;\">\u0645\u0631\u062d\u0644\u0647 \u0627\u0648\u0644: Memory imaging<\/h5><p style=\"text-align: justify;\">\u0627\u0628\u0632\u0627\u0631 \u0647\u0627\u06cc \u0645\u062a\u0639\u062f\u062f\u06cc \u062c\u0647\u062a \u062f\u0627\u0645\u067e \u06af\u0631\u0641\u062a\u0646 \u0627\u0632 \u0645\u0645\u0648\u0631\u06cc \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f\u060c \u062c\u0647\u062a \u0622\u0634\u0646\u0627\u06cc\u06cc \u0645\u0627 \u0627\u0632 DumpIt \u06a9\u0647 \u0628\u0631\u0627\u06cc \u0633\u06cc\u0633\u062a\u0645\u200c\u0639\u0627\u0645\u0644 \u0648\u06cc\u0646\u062f\u0648\u0632 \u0627\u0633\u062a \u0648 dc3dd \u06a9\u0647 \u0628\u0631\u0627\u06cc \u0644\u06cc\u0646\u0648\u06a9\u0633 \u0627\u0633\u062a\u060c \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u062e\u0648\u0627\u0647\u06cc\u0645 \u06a9\u0631\u062f.<\/p><h5 style=\"text-align: 
justify;\">\u0627\u0628\u0632\u0627\u0631 DumpIt<\/h5><p style=\"text-align: justify;\">\u0627\u06cc\u0646 \u0627\u0628\u0632\u0627\u0631\u060c \u0627\u0628\u0632\u0627\u0631\u06cc \u062c\u062f\u06cc\u062f \u0627\u0632 MoonSols \u0627\u0633\u062a \u06a9\u0647 \u062a\u0631\u06a9\u06cc\u0628\u06cc \u0627\u0632 \u062f\u0648 \u0627\u0628\u0632\u0627\u0631 \u0642\u0627\u0628\u0644 \u0627\u0639\u062a\u0645\u0627\u062f win32dd \u0648 win64dd \u0627\u0633\u062a \u06a9\u0647 \u062f\u0631 \u06cc\u06a9 \u0641\u0627\u06cc\u0644 \u0627\u062c\u0631\u0627\u06cc\u06cc \u0648 \u062e\u0637 \u0641\u0631\u0645\u0627\u0646 (Command Line) \u062a\u0631\u06a9\u06cc\u0628 \u0634\u062f\u0647\u200c\u0627\u0646\u062f \u0648 \u0628\u0627 \u0647\u0631 \u062f\u0648 \u0633\u06cc\u0633\u062a\u0645 32\u0628\u06cc\u062a\u06cc \u0648 64\u0628\u06cc\u062a\u06cc \u0628\u0647 \u062e\u0648\u0628\u06cc \u06a9\u0627\u0631 \u0645\u06cc\u200c\u06a9\u0646\u062f \u0648 \u062f\u0627\u0645\u067e \u062a\u0647\u06cc\u0647 \u0634\u062f\u0647 \u0631\u0627 \u062f\u0631 \u0647\u0645\u0627\u0646 \u062f\u0627\u06cc\u0631\u06a9\u062a\u0648\u0631\u06cc \u06a9\u0647 \u062e\u0648\u062f \u0627\u0628\u0632\u0627\u0631 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f\u060c \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u062f\u061b \u06a9\u0627\u0631 \u0628\u0627 \u0627\u06cc\u0646 \u0627\u0628\u0632\u0627\u0631 \u0628\u0633\u06cc\u0627\u0631 \u0622\u0633\u0627\u0646 \u0627\u0633\u062a \u0648 \u062a\u0646\u0647\u0627 \u0646\u06cc\u0627\u0632 \u0628\u0647 \u06cc\u06a9 \u062a\u0627\u06cc\u06cc\u062f\u06cc\u0647 \u0642\u0628\u0644 \u0627\u0632 \u0634\u0631\u0648\u0639 \u062f\u0627\u0631\u062f \u0648 \u0637\u0648\u0631\u06cc \u0637\u0631\u0627\u062d\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06cc\u06a9 \u062f\u0631\u0627\u06cc\u0648 USB \u0642\u0627\u0628\u0644 \u062c\u0627\u0628\u062c\u0627\u06cc\u06cc \u0628\u0627\u0634\u062f \u0648 
\u062f\u0631 \u0627\u062e\u062a\u06cc\u0627\u0631 \u06cc\u06a9 \u06a9\u0627\u0631\u0628\u0631 \u063a\u06cc\u0631\u0641\u0646\u06cc \u0646\u06cc\u0632 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0642\u0631\u0627\u0631 \u06af\u06cc\u0631\u062f.<\/p><p style=\"text-align: justify;\">\u0645\u0645\u0648\u0631\u06cc \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 \u062f\u0631 \u062d\u0627\u0644 \u062a\u0628\u062f\u06cc\u0644 \u0634\u062f\u0646 \u0628\u0647 \u06cc\u06a9 \u062c\u0646\u0628\u0647 \u0636\u0631\u0648\u0631\u06cc \u0627\u0632 \u062f\u06cc\u062c\u06cc\u062a\u0627\u0644 \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 \u0648 \u067e\u0627\u0633\u062e \u0628\u0647 \u062d\u0648\u0627\u062f\u062b \u0627\u0633\u062a. \u0632\u0645\u0627\u0646\u06cc \u06a9\u0647 \u0627\u0639\u062a\u0642\u0627\u062f \u0628\u0631 \u0627\u06cc\u0646 \u0627\u0633\u062a \u06a9\u0647 \u0633\u06cc\u0633\u062a\u0645\u06cc \u062f\u0631 \u0645\u0639\u0631\u0636 \u062e\u0637\u0631 \u0642\u0631\u0627\u0631 \u06af\u0631\u0641\u062a\u0647 \u06cc\u0627 \u0622\u0644\u0648\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a\u060c \u0645\u062d\u0642\u0642 \u0628\u0647 \u06cc\u06a9 \u0631\u0627\u0647 \u0631\u0627\u062d\u062a \u0628\u0631\u0627\u06cc \u06af\u0631\u0641\u062a\u0646 \u062f\u0627\u0645\u067e \u0641\u0648\u0631\u06cc \u0645\u0645\u0648\u0631\u06cc \u0627\u0632 \u0645\u06cc\u0632\u0628\u0627\u0646 \u0646\u06cc\u0627\u0632 \u062f\u0627\u0631\u062f. 
\u062d\u062a\u06cc \u0627\u06af\u0631 \u0641\u0631\u062f\u06cc \u06a9\u0647 \u062f\u0631 \u0645\u0642\u0627\u0628\u0644 \u0631\u0627\u06cc\u0627\u0646\u0647 \u0622\u0633\u06cc\u0628\u200c\u062f\u06cc\u062f\u0647 \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u062f\u060c \u0641\u0646\u06cc \u0646\u0628\u0627\u0634\u062f\u060c \u062a\u0646\u0647\u0627 \u0628\u0627 \u0686\u0646\u062f \u06a9\u0644\u06cc\u06a9 \u0633\u0627\u062f\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0627\u0632 \u0645\u0645\u0648\u0631\u06cc \u062f\u0627\u0645\u067e \u06af\u0631\u0641\u062a\u0647 \u0648 USB \u062d\u0627\u0648\u06cc \u062f\u0627\u0645\u067e \u0631\u0627 \u062f\u0631 \u0627\u062e\u062a\u06cc\u0627\u0631 \u0645\u062d\u0642\u0642 \u0642\u0631\u0627\u0631 \u062f\u0647\u062f\u060c \u0627\u06cc\u0646 \u0631\u0627\u0647\u06a9\u0627\u0631 \u0628\u0631\u0627\u06cc \u0647\u0645\u0647 \u0633\u0646\u0627\u0631\u06cc\u0648\u0647\u0627 \u0645\u0646\u0627\u0633\u0628 \u0646\u06cc\u0633\u062a\u060c \u0627\u0645\u0627 \u0642\u0637\u0639\u0627 \u062f\u0631 \u0628\u0633\u06cc\u0627\u0631\u06cc \u0627\u0632 \u0645\u0648\u0642\u0639\u06cc\u062a\u200c\u0647\u0627 \u062f\u0627\u0645\u067e \u0627\u0632 \u0645\u0645\u0648\u0631\u06cc \u0631\u0627 \u0622\u0633\u0627\u0646\u200c\u062a\u0631 \u0645\u06cc\u200c\u06a9\u0646\u062f.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f57ac1a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f57ac1a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c1ba0b8\" data-id=\"c1ba0b8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div 
class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0821bb7 elementor-widget elementor-widget-image\" data-id=\"0821bb7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"780\" height=\"514\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/3.png\" class=\"attachment-large size-large wp-image-15924\" alt=\"\u0627\u0628\u0632\u0627\u0631 DumpIt\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/3.png 842w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/3-300x198.png 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/3-768x506.png 768w\" sizes=\"(max-width: 780px) 100vw, 780px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5393765 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5393765\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-dc399b8\" data-id=\"dc399b8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-172a29f elementor-widget elementor-widget-text-editor\" data-id=\"172a29f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h5 style=\"text-align: 
justify;\">\u0627\u0628\u0632\u0627\u0631 DD<\/h5><p style=\"text-align: justify;\">\u0627\u0628\u0632\u0627\u0631 dd \u06cc\u06a9 \u0627\u0628\u0632\u0627\u0631 \u062e\u0637 \u0641\u0631\u0645\u0627\u0646 \u0628\u0631\u0627\u06cc \u0633\u06cc\u0633\u062a\u0645\u200c\u0639\u0627\u0645\u0644\u200c\u0647\u0627\u06cc Unix\u060c Plan 9\u060c Inferno \u0648 \u06cc\u0648\u0646\u06cc\u06a9\u0633\u200c \u0648 &#8230;. \u0627\u0633\u062a. \u0627\u06cc\u0646 \u0627\u0628\u0632\u0627\u0631 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0631\u0627\u06cc \u06a9\u0627\u0631\u0647\u0627\u06cc\u06cc \u0645\u0627\u0646\u0646\u062f \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u200c\u06af\u06cc\u0631\u06cc \u0627\u0632 \u0628\u062e\u0634 \u0631\u0627\u0647\u200c\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u0647\u0627\u0631\u062f\u062f\u06cc\u0633\u06a9 \u0648 \u0628\u0647 \u062f\u0633\u062a \u0622\u0648\u0631\u062f\u0646 \u0645\u0642\u062f\u0627\u0631 \u062b\u0627\u0628\u062a\u06cc \u0627\u0632 \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u062a\u0635\u0627\u062f\u0641\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u0648\u062f. 
\u0627\u0628\u0632\u0627\u0631 dd \u0647\u0645\u0686\u0646\u06cc\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u062f\u0631 \u0647\u0646\u06af\u0627\u0645 \u06a9\u067e\u06cc \u06a9\u0631\u062f\u0646 \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u060c \u062a\u0628\u062f\u06cc\u0644\u200c\u0647\u0627\u06cc\u06cc \u0627\u0632 \u062c\u0645\u0644\u0647 \u062a\u0639\u0648\u06cc\u0636 \u062a\u0631\u062a\u06cc\u0628 \u0628\u0627\u06cc\u062a \u0648 \u062a\u0628\u062f\u06cc\u0644 \u06a9\u062f\u06af\u0630\u0627\u0631\u06cc\u200c\u0647\u0627\u06cc \u0645\u062a\u0646\u06cc ASCII \u0648 EBCDIC \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u062f.<\/p><p style=\"text-align: justify;\">\u0627\u0628\u0632\u0627\u0631 dc3dd \u06cc\u06a9 \u0646\u0633\u062e\u0647 \u0627\u0635\u0644\u0627\u062d \u0634\u062f\u0647 \u0627\u0632 GNU dd \u0628\u0627 \u0648\u06cc\u0698\u06af\u06cc\u200c\u0647\u0627\u06cc \u0627\u0636\u0627\u0641\u06cc \u0628\u0631\u0627\u06cc \u062f\u06cc\u062c\u06cc\u062a\u0627\u0644 \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 \u0627\u0633\u062a. 
\u0628\u0627 \u062f\u0633\u062a\u0648\u0631 \u0632\u06cc\u0631 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u0645\u0633\u06cc\u0631 \u0631\u0645 \u0648 \u062f\u0627\u06cc\u0631\u06a9\u062a\u0648\u0631\u06cc \u0645\u0642\u0635\u062f \u062c\u0647\u062a \u0630\u062e\u06cc\u0631\u0647 \u062f\u0627\u0645\u067e \u0648 \u0646\u06cc\u0632 \u0646\u0648\u0639 \u0641\u0631\u0645\u062a \u062f\u0627\u0645\u067e \u0631\u0627 \u0645\u0634\u062e\u0635 \u06a9\u0646\u06cc\u0645 (\u0628\u0647 \u06cc\u0627\u062f \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u06cc\u062f \u06a9\u0647 \u0628\u0627\u06cc\u062f \u0628\u0627 \u0633\u0637\u062d \u062f\u0633\u062a\u0631\u0633\u06cc \u0631\u0648\u062a \u0627\u062c\u0631\u0627 \u0634\u0648\u062f).<\/p><p style=\"text-align: justify;\">dc3dd if=\/dev\/fmem\u00a0 of=\/root\/&#8230;\u00a0 .raw<\/p><p style=\"text-align: justify;\">\u062f\u0631 \u0645\u0648\u0631\u062f fmem \u062e\u0648\u062f\u062a\u0627\u0646 \u062a\u062d\u0642\u06cc\u0642\u06cc \u06a9\u0646\u06cc\u062f \u0632\u06cc\u0631\u0627 \u0686\u0627\u0634\u0646\u06cc \u0686\u06cc\u0632\u06cc \u062f\u0627\u0646\u0633\u062a\u0646 \u062f\u0631 \u062c\u0633\u062a \u0648 \u062c\u0648\u06cc \u0622\u0646 \u0627\u0633\u062a.<\/p><h5 style=\"text-align: justify;\">\u0645\u0631\u062d\u0644\u0647 Dump Analysis<\/h5><p style=\"text-align: justify;\">\u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 \u0648 \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc \u062c\u0631\u0645\u200c\u0634\u0646\u0627\u0633\u06cc \u0645\u062e\u062a\u0644\u0641 \u0648 \u0642\u062f\u0631\u062a\u0645\u0646\u062f\u06cc \u062c\u0647\u062a \u0622\u0646\u0627\u0644\u06cc\u0632 \u0645\u0645\u0648\u0631\u06cc \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u0627\u0632 \u0642\u0628\u06cc\u0644 Interrogate\u060c Volatility\u060c HBGary Responder. 
\u0645\u0627 \u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0627\u0632 \u0641\u0631\u06cc\u0645\u0648\u0631\u06a9 \u0642\u062f\u0631\u062a\u0645\u0646\u062f Volatility \u0628\u0647\u0631\u0647 \u062e\u0648\u0627\u0647\u06cc\u0645 \u0628\u0631\u062f.<\/p><p style=\"text-align: justify;\">\u0641\u0631\u06cc\u0645\u0648\u0631\u06a9 Volatility \u067e\u0631\u06a9\u0627\u0631\u0628\u0631\u062f\u062a\u0631\u06cc\u0646 \u0686\u0627\u0631\u0686\u0648\u0628 \u062c\u0647\u0627\u0646 \u0628\u0631\u0627\u06cc \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0645\u0635\u0646\u0648\u0639\u0627\u062a \u062f\u06cc\u062c\u06cc\u062a\u0627\u0644 \u0627\u0632 \u062f\u0627\u0645\u067e\u200c\u0647\u0627\u06cc \u062d\u0627\u0641\u0638\u0647 \u0631\u0645 \u0627\u0633\u062a \u0648 \u062a\u0648\u0636\u06cc\u062d\u06cc \u0627\u0636\u0627\u0641\u0647\u200c\u0627\u06cc \u0631\u0627 \u0644\u0627\u0632\u0645 \u0646\u0645\u06cc\u062f\u0627\u0646\u0645 \u0632\u06cc\u0631\u0627 \u0628\u0631\u0627\u06cc \u0647\u0645\u0647 \u062b\u0627\u0628\u062a \u0634\u062f\u0647 \u0627\u0633\u062a. \ud83d\ude42<\/p><p style=\"text-align: justify;\">\u0628\u0631\u0627\u06cc \u0622\u0646\u0627\u0644\u06cc\u0632 \u0627\u0632 \u062f\u0627\u0645\u067e\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u062e\u0648\u0627\u0647\u06cc\u0645 \u06a9\u0631\u062f \u06a9\u0647 \u0627\u0632 \u0633\u06cc\u0633\u062a\u0645\u06cc \u0622\u0644\u0648\u062f\u0647 \u0628\u0647 \u0628\u0627\u062c \u0627\u0641\u0632\u0627\u0631 WannaCry \u06af\u0631\u0641\u062a\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a. 
\u0628\u0627 \u062f\u0633\u062a\u0648\u0631 \u0632\u06cc\u0631 \u0647\u0645\u0631\u0627\u0647 \u0628\u0627 \u067e\u0644\u0627\u06af\u06cc\u0646 imageinfo \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u0627\u0637\u0644\u0627\u0639\u0627\u062a\u06cc \u0627\u0632 \u062f\u0627\u0645\u067e \u06af\u0631\u0641\u062a\u0647 \u0634\u062f\u0647 \u0631\u0627 \u0628\u0647 \u062f\u0633\u062a \u0628\u06cc\u0627\u0648\u0631\u06cc\u0645:<\/p><p style=\"text-align: justify;\">volatility -f liangroup.vmem imageinfo<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6886b34 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6886b34\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ffb9e5e\" data-id=\"ffb9e5e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-20ca367 elementor-widget elementor-widget-image\" data-id=\"20ca367\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"647\" height=\"401\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/4.png\" class=\"attachment-large size-large wp-image-15925\" alt=\"\u0641\u0631\u06cc\u0645\u0648\u0631\u06a9 Volatility\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/4.png 647w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/4-300x186.png 300w\" 
sizes=\"(max-width: 647px) 100vw, 647px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f307eb2 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f307eb2\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e85b635\" data-id=\"e85b635\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-061b178 elementor-widget elementor-widget-text-editor\" data-id=\"061b178\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">\u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062f\u0633\u062a\u0648\u0631 \u0632\u06cc\u0631 \u0647\u0645\u0631\u0627\u0647 \u0628\u0627 \u067e\u0644\u0627\u06af\u06cc\u0646 pstree \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 \u067e\u0631\u0627\u0633\u0633\u200c\u0647\u0627\u06cc\u06cc \u06a9\u0647 \u062f\u0631 \u0647\u0646\u06af\u0627\u0645 \u06af\u0631\u0641\u062a\u0646 \u062f\u0627\u0645\u067e \u062f\u0631 \u062d\u0627\u0644 \u0627\u062c\u0631\u0627 \u0628\u0648\u062f\u0646\u062f \u0631\u0627 \u0645\u0634\u0627\u0647\u062f\u0647 \u06a9\u0646\u06cc\u0645:<\/p><p style=\"text-align: justify;\">volatility --profile=WinXPSP2x86 -f wcry.raw pslist<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section 
elementor-top-section elementor-element elementor-element-9b2561f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9b2561f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b138679\" data-id=\"b138679\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-bcef364 elementor-widget elementor-widget-image\" data-id=\"bcef364\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"780\" height=\"640\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/5.jpg\" class=\"attachment-large size-large wp-image-15926\" alt=\"\u0641\u0631\u06cc\u0645\u0648\u0631\u06a9 Volatility\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/5.jpg 947w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/5-300x246.jpg 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/5-768x630.jpg 768w\" sizes=\"(max-width: 780px) 100vw, 780px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-78742fe elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"78742fe\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column 
elementor-element elementor-element-79b8e1d\" data-id=\"79b8e1d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6abecc8 elementor-widget elementor-widget-text-editor\" data-id=\"6abecc8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: justify;\">\u0647\u0645\u0627\u0646\u200c\u0637\u0648\u0631 \u06a9\u0647 \u062f\u0631 \u062a\u0635\u0648\u06cc\u0631 \u062f\u06cc\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f \u067e\u0631\u0627\u0633\u0633\u06cc \u0628\u0627 \u0646\u0627\u0645 @WanaDecryptor@ \u0628\u0627 PID 740 \u0648 PPID 1940 \u062f\u0631 \u062d\u0627\u0644 \u0627\u062c\u0631\u0627 \u0647\u0633\u062a \u06a9\u0647 \u062a\u0648\u0633\u0637 Windows task scheduler (tasksch.exe, PID: 1940)\u060c \u062a\u062d\u062a Windows Explorer (explorer.exe) \u0627\u06cc\u062c\u0627\u062f \u0634\u062f\u0647 \u0627\u0633\u062a.<\/p><h5 style=\"text-align: justify;\">\u0645\u0631\u062d\u0644\u0647 Reporting<\/h5><p style=\"text-align: justify;\">\u062f\u0631 \u0637\u06cc \u06cc\u06a9 \u067e\u0631\u0648\u0633\u0647 \u062c\u0631\u0645\u200c\u0634\u0646\u0627\u0633\u06cc\u060c \u0646\u0648\u0634\u062a\u0646 \u0648 \u0627\u0631\u0627\u0626\u0647 \u06af\u0632\u0627\u0631\u0634 \u0634\u0627\u06cc\u062f \u0633\u062e\u062a\u200c\u062a\u0631\u06cc\u0646 \u0648 \u0637\u0627\u0642\u062a\u200c\u0641\u0631\u0633\u0627\u062a\u0631\u06cc\u0646 \u0645\u0631\u062d\u0644\u0647 \u0628\u0627\u0634\u062f. 
\u0628\u0647 \u0627\u0635\u0637\u0644\u0627\u062d\u06cc \u062f\u06cc\u06af\u0631\u061b \u063a\u0648\u0644 \u0645\u0631\u062d\u0644\u0647 \u0622\u062e\u0631 \ud83d\ude42 \u0632\u06cc\u0631\u0627 \u0628\u0633\u06cc\u0627\u0631 \u0645\u0647\u0645 \u0627\u0633\u062a \u06a9\u0647 \u062a\u0645\u0627\u0645 \u0645\u0631\u0627\u062d\u0644 \u06cc\u06a9 \u062a\u062d\u0642\u06cc\u0642 \u0631\u0627 \u0645\u0633\u062a\u0646\u062f \u06a9\u0646\u06cc\u0645\u060c \u0646\u0647 \u062a\u0646\u0647\u0627 \u0628\u062a\u0648\u0627\u0646\u06cc\u0645 \u0646\u062a\u0627\u06cc\u062c \u062e\u0648\u062f \u0631\u0627 \u0628\u0627\u0632\u0633\u0627\u0632\u06cc \u0648 \u062a\u0623\u06cc\u06cc\u062f \u06a9\u0646\u06cc\u0645\u060c \u0628\u0644\u06a9\u0647 \u06cc\u0627\u0641\u062a\u0647\u200c\u0647\u0627\u06cc \u062e\u0648\u062f \u0631\u0627 \u062f\u0631 \u06cc\u06a9 \u06af\u0632\u0627\u0631\u0634 \u0631\u0633\u0645\u06cc \u06a9\u0647 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u062f\u0631 \u062f\u0627\u062f\u06af\u0627\u0647 \u0645\u0648\u0631\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u06af\u06cc\u0631\u062f\u060c \u0627\u0631\u0627\u0626\u0647 \u062f\u0647\u06cc\u0645. 
\u0648 \u0628\u0647\u200c\u0637\u0648\u0631 \u062d\u0631\u0641\u0647\u200c\u0627\u06cc \u0648 \u0628\u06cc\u200c\u0637\u0631\u0641\u0627\u0646\u0647\u060c \u06cc\u0627\u0641\u062a\u0647\u200c\u0647\u0627\u06cc \u0645\u0627 \u0628\u0627\u06cc\u062f \u0628\u0647 \u0635\u0648\u0631\u062a \u063a\u06cc\u0631\u0645\u0633\u062a\u0642\u06cc\u0645 \u0627\u0631\u0627\u0626\u0647 \u0634\u0648\u062f \u06a9\u0647 \u0628\u0631\u0627\u06cc \u0627\u0641\u0631\u0627\u062f \u063a\u06cc\u0631 \u0641\u0646\u06cc \u0645\u0627\u0646\u0646\u062f \u0648\u06a9\u0644\u0627\u060c \u0645\u062f\u06cc\u0631\u0627\u0646\u060c \u0628\u0627\u0632\u0631\u06af\u0627\u0646\u0627\u0646\u060c \u062d\u0633\u0627\u0628\u062f\u0627\u0631\u0627\u0646 \u0648 \u0633\u0627\u06cc\u0631\u06cc\u0646 \u0627\u0641\u0631\u0627\u062f \u06a9\u0647 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u0647 \u0647\u06cc\u0686 \u0648\u062c\u0647 \u0628\u0627 \u0641\u0631\u0622\u06cc\u0646\u062f \u0648 \u0627\u0635\u0637\u0644\u0627\u062d\u0627\u062a \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 \u0622\u0634\u0646\u0627 \u0646\u0628\u0627\u0634\u0646\u062f \u0642\u0627\u0628\u0644 \u062f\u0631\u06a9 \u0628\u0627\u0634\u062f. 
\u0627\u0632 \u0645\u0648\u0633\u0633\u0627\u062a \u0631\u0633\u0645\u06cc \u06a9\u0647 \u0628\u0631\u0627\u06cc \u062a\u0647\u06cc\u0647 \u06af\u0632\u0627\u0631\u0634\u060c \u0627\u0633\u062a\u0627\u0646\u062f\u0627\u0631\u062f\u0647\u0627\u06cc\u06cc \u0631\u0627 \u0627\u0631\u0627\u0626\u0647 \u062f\u0627\u062f\u0647\u200c\u0627\u0646\u062f \u0647\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0631\u0627\u0647\u0646\u0645\u0627\u06cc\u06cc \u06af\u0631\u0641\u062a.<\/p><p style=\"text-align: justify;\">\u062a\u0639\u062f\u0627\u062f\u06cc \u0627\u0632 \u0645\u0648\u0633\u0633\u0627\u062a \u0645\u0639\u062a\u0628\u0631 \u062f\u0631 \u0633\u0637\u062d \u062c\u0647\u0627\u0646 :<\/p><p style=\"text-align: justify;\">SWGDE (Scientific Working Group on Digital Evidence)<\/p><p style=\"text-align: justify;\">ENISA (European Union Agency for Cybersecurity)<\/p><p style=\"text-align: justify;\">ACPO (Association of Chief Police Officers)<\/p><p style=\"text-align: justify;\">* \u0627\u06cc\u0646 \u0622\u0645\u0648\u0632\u0634 \u0635\u0631\u0641\u0627 \u062c\u0647\u062a \u0627\u06cc\u062c\u0627\u062f \u0630\u0647\u0646\u06cc\u062a\u06cc \u0627\u0632 \u0622\u0646\u0627\u0644\u06cc\u0632 \u0645\u0645\u0648\u0631\u06cc \u0628\u0648\u062f \u0648 \u062c\u0631\u0645\u200c\u0634\u0646\u0627\u0633\u06cc (Forensics) \u0641\u0631\u0627\u062a\u0631 \u0648 \u067e\u06cc\u0686\u06cc\u062f\u0647\u200c\u062a\u0631 \u0627\u0632 \u0686\u06cc\u0632\u06cc \u0647\u0633\u062a \u06a9\u0647 \u0646\u0634\u0627\u0646 \u062f\u0627\u062f\u0647 \u0634\u062f.<\/p><p style=\"text-align: justify;\">\u062c\u0647\u062a \u0631\u0641\u0639 \u06a9\u0646\u062c\u06a9\u0627\u0648\u06cc \u0648 \u06a9\u0633\u0628 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u06cc\u0634\u062a\u0631 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u0627\u0632 \u0645\u0642\u0627\u0644\u0627\u062a \u0633\u0646\u0633 \u0646\u06cc\u0632 \u0628\u0647\u0631\u0647 \u0628\u0628\u0631\u06cc\u062f:<\/p><p 
style=\"text-align: justify;\"><a href=\"https:\/\/www.sans.org\/blog\/?focus-area=digital-forensics\">https:\/\/www.sans.org\/blog\/?focus-area=digital-forensics<\/a><\/p><p style=\"text-align: justify;\">\u0646\u0648\u06cc\u0633\u0646\u062f\u0647 \u0645\u0642\u0627\u0644\u0647: \u0633\u0647\u06cc\u0644 \u0639\u0644\u06cc\u0632\u0627\u062f\u0647<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0642\u0635\u062f \u062f\u0627\u0631\u06cc\u0645 \u0628\u0647 \u0628\u0631\u0631\u0633\u06cc \u0631\u0645 \u062f\u0631 \u0641\u0631\u0622\u06cc\u0646\u062f \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 \u0628\u067e\u0631\u062f\u0627\u0632\u06cc\u0645. \u0628\u0647 \u0635\u0648\u0631\u062a \u06a9\u0644\u06cc \u06f2 \u0646\u0648\u0639 \u0631\u0633\u0627\u0646\u0647 \u0630\u062e\u06cc\u0631\u0647\u200c\u0633\u0627\u0632\u06cc \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f: \u0641\u0631\u0627\u0631 (volatile) \u063a\u06cc\u0631\u0641\u0631\u0627\u0631(Non-volatile) \u0647\u0627\u0631\u062f \u062f\u06cc\u0633\u06a9\u200c\u0647\u0627 (\u0645\u06a9\u0627\u0646\u06cc\u06a9\u06cc \u0648 \u062d\u0627\u0644\u062a \u062c\u0627\u0645\u062f, (Solid State) \u062f\u0631\u0627\u06cc\u0648\u0647\u0627\u06cc \u0641\u0644\u0634 \u0648 \u06a9\u0627\u0631\u062a\u200c\u0647\u0627\u06cc \u062d\u0627\u0641\u0638\u0647\u060c \u0647\u0645\u06af\u06cc \u0631\u0633\u0627\u0646\u0647\u200c\u0647\u0627\u06cc \u0630\u062e\u06cc\u0631\u0647\u200c\u0633\u0627\u0632\u06cc \u063a\u06cc\u0631\u0641\u0631\u0627\u0631 \u0647\u0633\u062a\u0646\u062f \u0648 \u062d\u062a\u06cc \u0648\u0642\u062a\u06cc \u062c\u0631\u06cc\u0627\u0646 \u0628\u0631\u0642 \u0628\u0647 \u062a\u0631\u0627\u0634\u0647\u200c\u0647\u0627\u06cc \u0627\u06cc\u0646 \u0646\u0648\u0639 \u0631\u0633\u0627\u0646\u0647\u200c\u0647\u0627 \u0642\u0637\u0639 
\u0634\u0648\u062f\u060c \u062f\u06cc\u062a\u0627\u0647\u0627\u06cc &hellip;<\/p>\n","protected":false},"author":1,"featured_media":15930,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[226,229,349],"tags":[],"class_list":["post-15920","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-fornesic","category-memory-fornesic","category-slides"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.5 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>\u0631\u0645 \u062f\u0631 \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/liangroup.net\/blog\/ram-in-forensics\/\" \/>\n<meta property=\"og:locale\" content=\"fa_IR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u0631\u0645 \u062f\u0631 \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9\" \/>\n<meta property=\"og:description\" content=\"\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0642\u0635\u062f \u062f\u0627\u0631\u06cc\u0645 \u0628\u0647 \u0628\u0631\u0631\u0633\u06cc \u0631\u0645 \u062f\u0631 \u0641\u0631\u0622\u06cc\u0646\u062f \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 \u0628\u067e\u0631\u062f\u0627\u0632\u06cc\u0645. 
\u0628\u0647 \u0635\u0648\u0631\u062a \u06a9\u0644\u06cc \u06f2 \u0646\u0648\u0639 \u0631\u0633\u0627\u0646\u0647 \u0630\u062e\u06cc\u0631\u0647\u200c\u0633\u0627\u0632\u06cc \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f: \u0641\u0631\u0627\u0631 (volatile) \u063a\u06cc\u0631\u0641\u0631\u0627\u0631(Non-volatile) \u0647\u0627\u0631\u062f \u062f\u06cc\u0633\u06a9\u200c\u0647\u0627 (\u0645\u06a9\u0627\u0646\u06cc\u06a9\u06cc \u0648 \u062d\u0627\u0644\u062a \u062c\u0627\u0645\u062f, (Solid State) \u062f\u0631\u0627\u06cc\u0648\u0647\u0627\u06cc \u0641\u0644\u0634 \u0648 \u06a9\u0627\u0631\u062a\u200c\u0647\u0627\u06cc \u062d\u0627\u0641\u0638\u0647\u060c \u0647\u0645\u06af\u06cc \u0631\u0633\u0627\u0646\u0647\u200c\u0647\u0627\u06cc \u0630\u062e\u06cc\u0631\u0647\u200c\u0633\u0627\u0632\u06cc \u063a\u06cc\u0631\u0641\u0631\u0627\u0631 \u0647\u0633\u062a\u0646\u062f \u0648 \u062d\u062a\u06cc \u0648\u0642\u062a\u06cc \u062c\u0631\u06cc\u0627\u0646 \u0628\u0631\u0642 \u0628\u0647 \u062a\u0631\u0627\u0634\u0647\u200c\u0647\u0627\u06cc \u0627\u06cc\u0646 \u0646\u0648\u0639 \u0631\u0633\u0627\u0646\u0647\u200c\u0647\u0627 \u0642\u0637\u0639 \u0634\u0648\u062f\u060c \u062f\u06cc\u062a\u0627\u0647\u0627\u06cc &hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/liangroup.net\/blog\/ram-in-forensics\/\" \/>\n<meta property=\"og:site_name\" content=\"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646\" \/>\n<meta property=\"article:author\" content=\"#\" \/>\n<meta property=\"article:published_time\" content=\"2022-09-10T11:01:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-09-10T11:29:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/forensic-analysis.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta 
name=\"author\" content=\"\u0627\u062f\u0645\u06cc\u0646\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@#\" \/>\n<meta name=\"twitter:site\" content=\"@liansecurity\" \/>\n<meta name=\"twitter:label1\" content=\"\u0646\u0648\u0634\u062a\u0647\u200c\u0634\u062f\u0647 \u0628\u062f\u0633\u062a\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u0627\u062f\u0645\u06cc\u0646\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u0632\u0645\u0627\u0646 \u062a\u0642\u0631\u06cc\u0628\u06cc \u0628\u0631\u0627\u06cc \u062e\u0648\u0627\u0646\u062f\u0646\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 \u062f\u0642\u06cc\u0642\u0647\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/ram-in-forensics\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/ram-in-forensics\\\/\"},\"author\":{\"name\":\"\u0627\u062f\u0645\u06cc\u0646\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#\\\/schema\\\/person\\\/56ec88338ff7cb5202779a216d9f3399\"},\"headline\":\"\u0631\u0645 \u062f\u0631 \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9\",\"datePublished\":\"2022-09-10T11:01:50+00:00\",\"dateModified\":\"2022-09-10T11:29:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/ram-in-forensics\\\/\"},\"wordCount\":116,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/ram-in-forensics\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/forensic-analysis.jpg\",\"articleSection\":[\"\u062c\u0631\u0645 \u0634\u0646\u0627\u0633\u06cc (\u0641\u0627\u0631\u0646\u0632\u06cc\u06a9)\",\"\u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 \u0645\u0645\u0648\u0631\u06cc\",\"\u06cc\u06cc\u06cc\u06cc 
\u0627\u0633\u0644\u0627\u06cc\u062f\"],\"inLanguage\":\"fa-IR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/liangroup.net\\\/blog\\\/ram-in-forensics\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/ram-in-forensics\\\/\",\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/ram-in-forensics\\\/\",\"name\":\"\u0631\u0645 \u062f\u0631 \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/ram-in-forensics\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/ram-in-forensics\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/forensic-analysis.jpg\",\"datePublished\":\"2022-09-10T11:01:50+00:00\",\"dateModified\":\"2022-09-10T11:29:55+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#\\\/schema\\\/person\\\/56ec88338ff7cb5202779a216d9f3399\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/ram-in-forensics\\\/#breadcrumb\"},\"inLanguage\":\"fa-IR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/liangroup.net\\\/blog\\\/ram-in-forensics\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fa-IR\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/ram-in-forensics\\\/#primaryimage\",\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/forensic-analysis.jpg\",\"contentUrl\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/forensic-analysis.jpg\",\"width\":800,\"height\":500,\"caption\":\"\u0631\u0645 \u062f\u0631 
\u0641\u0627\u0631\u0646\u0632\u06cc\u06a9\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/ram-in-forensics\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u062e\u0627\u0646\u0647\",\"item\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u0631\u0645 \u062f\u0631 \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/\",\"name\":\"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646\",\"description\":\"\u0622\u062e\u0631\u06cc\u0646 \u0627\u062e\u0628\u0627\u0631\u060c\u0645\u0642\u0627\u0644\u0627\u062a \u0648 \u0622\u0645\u0648\u0632\u0634\u200c\u0647\u0627\u06cc \u062d\u0648\u0632\u0647 \u0627\u0645\u0646\u06cc\u062a \u0633\u0627\u06cc\u0628\u0631\u06cc\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fa-IR\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#\\\/schema\\\/person\\\/56ec88338ff7cb5202779a216d9f3399\",\"name\":\"\u0627\u062f\u0645\u06cc\u0646\",\"description\":\"\u0639\u0644\u0627\u0642\u0645\u0646\u062f \u0628\u0647 \u062d\u0648\u0632\u0647 \u0627\u0645\u0646\u06cc\u062a \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0648 \u0622\u0634\u0646\u0627 \u0628\u0647 \u062d\u0648\u0632\u0647 \u062a\u0633\u062a \u0646\u0641\u0648\u0630\",\"sameAs\":[\"http:\\\/\\\/liangroup.net\",\"#\",\"https:\\\/\\\/x.com\\\/#\"],\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"\u0631\u0645 \u062f\u0631 \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/liangroup.net\/blog\/ram-in-forensics\/","og_locale":"fa_IR","og_type":"article","og_title":"\u0631\u0645 \u062f\u0631 \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9","og_description":"\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0642\u0635\u062f \u062f\u0627\u0631\u06cc\u0645 \u0628\u0647 \u0628\u0631\u0631\u0633\u06cc \u0631\u0645 \u062f\u0631 \u0641\u0631\u0622\u06cc\u0646\u062f \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 \u0628\u067e\u0631\u062f\u0627\u0632\u06cc\u0645. \u0628\u0647 \u0635\u0648\u0631\u062a \u06a9\u0644\u06cc \u06f2 \u0646\u0648\u0639 \u0631\u0633\u0627\u0646\u0647 \u0630\u062e\u06cc\u0631\u0647\u200c\u0633\u0627\u0632\u06cc \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f: \u0641\u0631\u0627\u0631 (volatile) \u063a\u06cc\u0631\u0641\u0631\u0627\u0631(Non-volatile) \u0647\u0627\u0631\u062f \u062f\u06cc\u0633\u06a9\u200c\u0647\u0627 (\u0645\u06a9\u0627\u0646\u06cc\u06a9\u06cc \u0648 \u062d\u0627\u0644\u062a \u062c\u0627\u0645\u062f, (Solid State) \u062f\u0631\u0627\u06cc\u0648\u0647\u0627\u06cc \u0641\u0644\u0634 \u0648 \u06a9\u0627\u0631\u062a\u200c\u0647\u0627\u06cc \u062d\u0627\u0641\u0638\u0647\u060c \u0647\u0645\u06af\u06cc \u0631\u0633\u0627\u0646\u0647\u200c\u0647\u0627\u06cc \u0630\u062e\u06cc\u0631\u0647\u200c\u0633\u0627\u0632\u06cc \u063a\u06cc\u0631\u0641\u0631\u0627\u0631 \u0647\u0633\u062a\u0646\u062f \u0648 \u062d\u062a\u06cc \u0648\u0642\u062a\u06cc \u062c\u0631\u06cc\u0627\u0646 \u0628\u0631\u0642 \u0628\u0647 \u062a\u0631\u0627\u0634\u0647\u200c\u0647\u0627\u06cc \u0627\u06cc\u0646 \u0646\u0648\u0639 \u0631\u0633\u0627\u0646\u0647\u200c\u0647\u0627 
\u0642\u0637\u0639 \u0634\u0648\u062f\u060c \u062f\u06cc\u062a\u0627\u0647\u0627\u06cc &hellip;","og_url":"https:\/\/liangroup.net\/blog\/ram-in-forensics\/","og_site_name":"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646","article_author":"#","article_published_time":"2022-09-10T11:01:50+00:00","article_modified_time":"2022-09-10T11:29:55+00:00","og_image":[{"width":800,"height":500,"url":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/forensic-analysis.jpg","type":"image\/jpeg"}],"author":"\u0627\u062f\u0645\u06cc\u0646","twitter_card":"summary_large_image","twitter_creator":"@#","twitter_site":"@liansecurity","twitter_misc":{"\u0646\u0648\u0634\u062a\u0647\u200c\u0634\u062f\u0647 \u0628\u062f\u0633\u062a":"\u0627\u062f\u0645\u06cc\u0646","\u0632\u0645\u0627\u0646 \u062a\u0642\u0631\u06cc\u0628\u06cc \u0628\u0631\u0627\u06cc \u062e\u0648\u0627\u0646\u062f\u0646":"7 \u062f\u0642\u06cc\u0642\u0647"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/liangroup.net\/blog\/ram-in-forensics\/#article","isPartOf":{"@id":"https:\/\/liangroup.net\/blog\/ram-in-forensics\/"},"author":{"name":"\u0627\u062f\u0645\u06cc\u0646","@id":"https:\/\/liangroup.net\/blog\/#\/schema\/person\/56ec88338ff7cb5202779a216d9f3399"},"headline":"\u0631\u0645 \u062f\u0631 \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9","datePublished":"2022-09-10T11:01:50+00:00","dateModified":"2022-09-10T11:29:55+00:00","mainEntityOfPage":{"@id":"https:\/\/liangroup.net\/blog\/ram-in-forensics\/"},"wordCount":116,"commentCount":0,"image":{"@id":"https:\/\/liangroup.net\/blog\/ram-in-forensics\/#primaryimage"},"thumbnailUrl":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/forensic-analysis.jpg","articleSection":["\u062c\u0631\u0645 \u0634\u0646\u0627\u0633\u06cc (\u0641\u0627\u0631\u0646\u0632\u06cc\u06a9)","\u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 \u0645\u0645\u0648\u0631\u06cc","\u06cc\u06cc\u06cc\u06cc 
\u0627\u0633\u0644\u0627\u06cc\u062f"],"inLanguage":"fa-IR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/liangroup.net\/blog\/ram-in-forensics\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/liangroup.net\/blog\/ram-in-forensics\/","url":"https:\/\/liangroup.net\/blog\/ram-in-forensics\/","name":"\u0631\u0645 \u062f\u0631 \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9 - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646","isPartOf":{"@id":"https:\/\/liangroup.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/liangroup.net\/blog\/ram-in-forensics\/#primaryimage"},"image":{"@id":"https:\/\/liangroup.net\/blog\/ram-in-forensics\/#primaryimage"},"thumbnailUrl":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/forensic-analysis.jpg","datePublished":"2022-09-10T11:01:50+00:00","dateModified":"2022-09-10T11:29:55+00:00","author":{"@id":"https:\/\/liangroup.net\/blog\/#\/schema\/person\/56ec88338ff7cb5202779a216d9f3399"},"breadcrumb":{"@id":"https:\/\/liangroup.net\/blog\/ram-in-forensics\/#breadcrumb"},"inLanguage":"fa-IR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/liangroup.net\/blog\/ram-in-forensics\/"]}]},{"@type":"ImageObject","inLanguage":"fa-IR","@id":"https:\/\/liangroup.net\/blog\/ram-in-forensics\/#primaryimage","url":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/forensic-analysis.jpg","contentUrl":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2022\/09\/forensic-analysis.jpg","width":800,"height":500,"caption":"\u0631\u0645 \u062f\u0631 \u0641\u0627\u0631\u0646\u0632\u06cc\u06a9"},{"@type":"BreadcrumbList","@id":"https:\/\/liangroup.net\/blog\/ram-in-forensics\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u062e\u0627\u0646\u0647","item":"https:\/\/liangroup.net\/blog\/"},{"@type":"ListItem","position":2,"name":"\u0631\u0645 \u062f\u0631 
\u0641\u0627\u0631\u0646\u0632\u06cc\u06a9"}]},{"@type":"WebSite","@id":"https:\/\/liangroup.net\/blog\/#website","url":"https:\/\/liangroup.net\/blog\/","name":"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646","description":"\u0622\u062e\u0631\u06cc\u0646 \u0627\u062e\u0628\u0627\u0631\u060c\u0645\u0642\u0627\u0644\u0627\u062a \u0648 \u0622\u0645\u0648\u0632\u0634\u200c\u0647\u0627\u06cc \u062d\u0648\u0632\u0647 \u0627\u0645\u0646\u06cc\u062a \u0633\u0627\u06cc\u0628\u0631\u06cc","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/liangroup.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fa-IR"},{"@type":"Person","@id":"https:\/\/liangroup.net\/blog\/#\/schema\/person\/56ec88338ff7cb5202779a216d9f3399","name":"\u0627\u062f\u0645\u06cc\u0646","description":"\u0639\u0644\u0627\u0642\u0645\u0646\u062f \u0628\u0647 \u062d\u0648\u0632\u0647 \u0627\u0645\u0646\u06cc\u062a \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0648 \u0622\u0634\u0646\u0627 \u0628\u0647 \u062d\u0648\u0632\u0647 \u062a\u0633\u062a 
\u0646\u0641\u0648\u0630","sameAs":["http:\/\/liangroup.net","#","https:\/\/x.com\/#"],"url":"https:\/\/liangroup.net\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/posts\/15920","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/comments?post=15920"}],"version-history":[{"count":0,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/posts\/15920\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/media\/15930"}],"wp:attachment":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/media?parent=15920"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/categories?post=15920"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/tags?post=15920"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}