Powering off or unplugging a running (live) system can result in data loss. Data that is lost when the system is shut down is called volatile data. For analysis, it is important to collect volatile data such as the running processes and the current hardware information of the system.
RAM is temporary memory, and its contents are lost when power is cut. Therefore, the RAM image of the running system can be examined later, and, depending on the tool used, the desired information can be obtained during the intervention. Even though the system is running, the tools used for live examination must meet the requirements of forensic computing. Programs used in live examination include Belkasoft Live RAM Capturer, EnCase® Portable, Live Response and Helix 3 Pro.
Belkasoft Live RAM Capturer
Belkasoft Live RAM Capturer is free software that can be downloaded from the company's website. The image can then be analyzed in review software. The software runs on the Windows operating system, does not require installation and can be run from a USB memory stick.
EnCase® Portable
It is a software and USB memory device developed by Guidance Software. The collected data can be saved in the Ex01, Lx01, E01 and L01 formats. The metadata and content of the extracted data do not change, and the data can be extracted together with its folder structure. If desired, the extracted content can be encrypted.
Live Response
It is a USB device and software developed by AccessData, which is based in America, for collecting volatile data. All the volatile data on the running system, or only the data selected from the menu, can be collected and saved to the USB memory.
System Information for Windows (SIW)
It is software developed by Topala Software Solutions, based in Canada, for collecting information on Windows systems. The software has several versions; the SIW Technician version works without installation.
Helix 3 Pro
Developed by the US-based company e-fense, it contains other software for taking an image of the live system and is compatible with Linux, Windows and Mac OS X systems. It can be determined whether disk-level encryption is present. Files in the imaged disk contents, such as documents, can be filtered by type.