CompTIA Security+ exam question
An incident involving a workstation that is potentially infected with a virus has occurred. The workstation may have sent confidential data to an unknown internet server. Which of the following should a security analyst do FIRST?
A. Make a copy of everything in memory on the workstation.
B. Turn off the workstation.
C. Consult information security policy.
D. Run a virus scan.
The answer is A, make a copy of everything in memory.
How does one do that?
Once that is done, how is something like that useful?
For example, if there's 16GB of DDR4 RAM installed and RAM is 75% used, you're going to have 11GB, in the form of what?
Assuming you have the right tools and symbols installed, you can possibly search the memory for things. If you have the debug symbols installed on a test machine, you can possibly debug code and see what is going on.
If you don't have training for kernel level development it probably isn't that useful, and you are mostly just capturing this information to provide to an expert in case you need it.
It can possibly be used to confirm or rule out that the compromised system has recently sent or received data. It could possibly give you hints about the attacker's control systems and so on. It could possibly tell you what information has been compromised, and which accounts on your network were currently being used.
Well, on Windows there are a couple of Sysinternals tools that can generate a dump file for the system or applications. The tricky part is that crash dumps are mostly disabled on modern versions of Windows by default and you have to restart to enable them. Restarting would clear the memory you want to capture. It is even more complicated by the fact that you would probably want to isolate a compromised system first, which means you might not have those tools available on the system you are examining.
There are some tools listed on the Forensics Wiki (which appears to be offline when I checked) that might be useful for dumping memory. I haven't used any of the 3rd party tools.
On the Linux side of things there may be a way to dump it, depending on whether you have the devices disabled or not. See this question over on superuser.
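To make the second half of the question concrete (what the 11GB of captured memory "is", and what an analyst gets out of it), here is an added example that is not from the question, the answer, or any tool they mention. Whatever acquisition tool you use, the result is normally one flat file of raw bytes in which process memory, network buffers and file contents sit wherever they happened to be mapped; the script below hashes such an image for chain of custody and then carves printable ASCII and UTF-16LE strings out of it to pull network indicators (IPv4 addresses, HTTP Host headers) and document paths, which is the kind of evidence the answer says the dump can give you. It assumes nothing about the dump format beyond "raw bytes"; the embedded sample image, the host name `files.example.invalid`, the address `203.0.113.45` and the spreadsheet path are all constructed for the example.

```python
"""Added example: first-pass triage of a raw memory image.

Hashes the capture for chain of custody, then carves strings and
network indicators from it. Runs on a constructed in-memory sample
when no file name is given, so it works without a real dump.
"""
import hashlib
import re
import sys

# Runs of at least 6 printable ASCII bytes, and the same for UTF-16LE
# (printable byte followed by a NUL), which is how Windows stores text.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_HEADER = re.compile(r"^Host:\s*([A-Za-z0-9.\-]+)", re.IGNORECASE)
DOCUMENT_SUFFIXES = (".xlsx", ".docx", ".pdf")


def build_sample_image():
    """Constructed stand-in for a raw capture: non-printable filler with a
    few artefacts embedded where process memory would have held them."""
    filler = b"\x00\x01\xfe\xff" * 1024
    utf16_path = "C:\\Users\\analyst\\Documents\\payroll.xlsx".encode("utf-16-le")
    return b"".join([
        filler,
        b"POST /upload HTTP/1.1\r\nHost: files.example.invalid\r\n",
        filler,
        b"connect 203.0.113.45:4444",
        filler,
        utf16_path,
        filler,
    ])


def sha256_of(data, chunk=1 << 20):
    """Hash in chunks; real images are many GB and should not be copied around."""
    h = hashlib.sha256()
    for i in range(0, len(data), chunk):
        h.update(data[i:i + chunk])
    return h.hexdigest()


def carve_ascii_strings(data):
    return [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]


def carve_utf16_strings(data):
    return [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)]


def extract_ipv4(strings):
    """Dotted quads whose octets are all in range; drops noise like 999.1.1.1."""
    found = set()
    for s in strings:
        for cand in IPV4.findall(s):
            if all(int(octet) <= 255 for octet in cand.split(".")):
                found.add(cand)
    return sorted(found)


def extract_http_hosts(strings):
    hosts = set()
    for s in strings:
        m = HOST_HEADER.match(s)
        if m:
            hosts.add(m.group(1))
    return sorted(hosts)


def analyze_image(data):
    """Return the triage report as a dict so callers can assert on it or save it."""
    ascii_strings = carve_ascii_strings(data)
    utf16_strings = carve_utf16_strings(data)
    all_strings = ascii_strings + utf16_strings
    return {
        "sha256": sha256_of(data),
        "ascii_strings": ascii_strings,
        "utf16_strings": utf16_strings,
        "ipv4": extract_ipv4(all_strings),
        "http_hosts": extract_http_hosts(ascii_strings),
        "document_paths": [s for s in utf16_strings
                           if s.lower().endswith(DOCUMENT_SUFFIXES)],
    }


def main(argv):
    if len(argv) > 1:
        with open(argv[1], "rb") as f:   # a real raw capture, if you have one
            data = f.read()
    else:
        data = build_sample_image()
    report = analyze_image(data)
    print("sha256 of image:", report["sha256"])
    print("IPv4 addresses seen:", report["ipv4"])
    print("HTTP Host headers seen:", report["http_hosts"])
    print("Document paths seen:", report["document_paths"])


if __name__ == "__main__":
    main(sys.argv)
```

Record the hash before doing anything else with the image; it is the only thing that lets you show later that the file you analysed is the one you captured. Everything after that is pattern matching, which is why the answer is right that the capture is worth taking even if you hand the analysis to someone else: the bytes are what an expert would need, and they are gone once the box is powered off.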