ATC-NY's new computer forensic tool, Windows Memory Reader, is a simple command-line utility to capture the contents of physical RAM on a suspect computer, letting an investigator gather volatile state information prior to shutting the machine down. Results are stored in a Windows crash dump or raw binary file for later off-line analysis by the investigator. Researchers can also use Windows Memory Reader to capture memory-mapped device data, such as shared video memory.