RAM Capturer

RAM Capturer is a free tool provided by the software company Belkasoft. It is simple to use and, like FTK Imager and WinPmem, it can be run from a USB drive. Let's take a look:

  1. Running the application will cause the following window to appear:

The only input required for acquisition is the path of the folder where the memory image should be saved.

  2. Once the output path has been set, click on the Capture! button and let it run:

  3. Once RAM Capturer completes, the following message will appear:

When looking at memory acquisition tools, the best approach is to capture as much data as possible as efficiently as possible. Tools such as FTK Imager are highly reliable and allow for acquiring not just memory but also other key pieces of evidence. However, at times, this may not be possible, and responders will have to use a USB key with a lightweight tool such as RAM Capturer. The best option is to determine the type of forensic tools that will be used to examine the evidence and then select the appropriate tool to acquire memory.

Another key factor that makes these tools useful for memory acquisition is that they can also be leveraged when responders do not have physical access to the suspect system.
