Win-LiFTAnalyzer is a forensic live analysis tool for analyzing volatile data collected by Win-LiFTImager. It extracts forensically sound evidence and generates a detailed report.The analyzed information will be displayed in a user friendly manner in different views.

The tool can examine and analyze the volatile data collected by Win-LiFTImager. It extracts different memory forensic artifacts. Besides collecting list of running process, it extracts list of dynamic link libraries, sockets, other modules, open files and command line information accessed by each process.

Win-LiFTAnalyzer works fine with Windows XP Memory dump.Windows Registry is an important source of evidence for forensic examiners. The tool extracts forensically sound information from the registry files too.