Many operating systems provide features to kernel developers and end-users to actually create a snapshot of the physical memory for either debugging ( core dump or Blue Screen of Death) purposes or experience enhancement ( Hibernation (computing)). In general, their primary usage is to extract text from the memory dump. These tools are not specifically created for memory forensics, and therefore are difficult to use.
Prior to 2004, memory forensics was done on an ad hoc basis, using generic data analysis tools like strings and grep.
