Win-LiFT Analyzer - Live Forensics Evidence Analysis Software
Win-LiFTAnalyzer is a forensic live analysis tool for analyzing volatile data collected by Win-LiFTImager.
It extracts forensically sound evidence and generates a detailed report.The analyzed information will be displayed in a user friendly manner
in different views.
The tool can examine and analyze the volatile data collected by Win-LiFTImager. It extracts different memory forensic artifacts.
Besides collecting list of running process, it extracts list of dynamic link libraries, sockets, other modules, open files
and command line information accessed by each process.
Win-LiFTAnalyzer works fine with Windows XP Memory dump.Windows Registry is an important source of evidence for forensic
examiners. The tool extracts forensically sound information from the registry files too.