How to extract forensic artifacts from pagefile.sys?

Microsoft Windows uses a paging file, called pagefile.sys, to store page-size blocks of memory that do not current fit into physical memory. This file, stored in %SystemDrive%\pagefile.sys is a hidden system file and it can never be read or accessed by a user, including Administrator. It is possible to read this file by parsing the … Continue reading How to extract forensic artifacts from pagefile.sys?