I have a question?

If you dump the RAM "internal memory" with dd to an image file, you get everything in memory or Will something be missing?

The dd application is running in memory, so it is altering it as you dump it. You might want to look into how the open source ClamWin virus scanner handles this issue when scanning memory for viruses.

I would use RamCapturer from belkasoft or FTKImager, think it has an option ot extract ram as dd image as well

Thanks all.
If I change my question to

If you dump the RAM "internal memory" with any software to an image file, you get everything in memory or Will something be missing?

Maybe its more clear now

Whatever is in the ram should be on the image afterwards unless a corruption of some kind has occured(which is not that uncommon). You seem interested in volatile memory as you've asked stuff about volatility and now ram images. I would suggest you to take a look at a book called "The Art of Memory Forensics". It is by the developers of volatility, so the tool is used throughout the book. Moreover, the book covers ram images of different Windows operating systems, Linux and Mac as well. It is an incredable read and I am pretty sure if you want to get deeper in the field you would love it

if Linux RAM, I dont think you can use dd to capture or image it. I think LiME may be the option if you are dealing with Linux. There are several free tools for Windows in addition to those already mentioned. Note however as RAM is volatile - the footprint of the tool you use will overwrite data in RAM. As an example, if your target is 1GB and your tool's footprint 100 MB you just overwrote 100MB of potential valuable data. Some tools have larger footprints than others. $0.02

LiME is the only decent option yh, problem with linux is that you need a profile of the exact system that you are running, and it's usually the case that you have to make that yourself(On a different machine so the RAM that you are trying to capture doesn't get changed). The process is a bit painful, especially when it comes to Kali .. But there are some already premade profiles on github open for download that include the most common distros althogh it's been awhile since it's been updated

What will be the command to dump the memory of a windows system to a certain partition with a specified name

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.