Live Acquisition Tool
Please use the following link to download Q-CERT Live Acquisition Tool as a password protected ZIP file.
The password is Q-cert+701
1. Copy this tool to a new folder.
2. Right click and run QCERT-LA.exe as Administrator
3. It will take a while to get executed and while running, it creates;
a. A memory dump RAW file
b. An exe called Dumpit.exe
c. A folder named Output, and
b. A zip file called Output.zip
Output.zip along with the RAW file is the final out put we care about.
This tool fetches the volatile information of the computer.
NB: The execution time of this too depends upon the size of the hard disk and memory. Please do not quit the application half-way. Only quit the application after the zip file is generated completely.