An important but often overlooked process in incident handling is memory analysis. In this installment of David Biser’s series on incident response, he explains and demonstrates how to use memory analysis to investigate an attack and gain useful evidence from memory that may not otherwise be available.