You already know that you can extract quite a lot of useful forensic artifacts from a memory dump. But there is more: you can perform memory forensics even without a memory dump! There are files on the drive that contain some parts of memory. These files are pagefile.sys, swapfile.sys, and hiberfil.sys, and they are located in the root of the system drive (C:). In this recipe, we will show you how to extract browser data from pagefile.sys with Belkasoft Evidence Center.
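To see why a paging file yields browser data at all, the following added example (not part of the recipe and not how Belkasoft Evidence Center works internally) carves URLs out of a raw binary stream in both ASCII and UTF-16LE form, reading in chunks so a multi-gigabyte file never has to fit in RAM. The names `carve_urls`, `PATTERNS` and `SAMPLE` are hypothetical, and the sample bytes are constructed; in practice the stream would be a copy of pagefile.sys exported from a forensic image.

```python
import io
import re

# URL characters per RFC 3986; the length bound keeps every match shorter
# than the default overlap carried between chunks.
_CH = rb"[A-Za-z0-9._~:/?#@!$&'()*+,;=%\[\]-]"
PATTERNS = (
    # Narrow (ASCII/UTF-8) strings.
    (re.compile(rb"https?://" + _CH + rb"{4,512}"), "ascii"),
    # UTF-16LE: Windows processes keep many strings as wide characters.
    (re.compile(rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:"
                + _CH + rb"\x00){4,512}"), "utf-16-le"),
)


def carve_urls(stream, chunk_size=1 << 20, overlap=2048):
    """Scan a raw binary stream; return {url: offset of first occurrence}."""
    hits, buf, base, seen_upto = {}, b"", 0, 0
    block = stream.read(chunk_size)
    while block:
        nxt = stream.read(chunk_size)   # look ahead to know if this is the end
        buf += block
        limit = len(buf) - 1            # a wide char may be split at the edge
        for pattern, encoding in PATTERNS:
            for m in pattern.finditer(buf):
                if m.end() < seen_upto:
                    continue  # inside the carried-over tail, already reported
                if nxt and m.end() >= limit:
                    continue  # may be cut by the chunk edge; next pass sees it whole
                hits.setdefault(m.group().decode(encoding), base + m.start())
        tail = buf[-overlap:]
        base += len(buf) - len(tail)    # file offset of the new buf[0]
        buf, seen_upto, block = tail, len(tail) - 1, nxt
    return hits


# Constructed sample standing in for a fragment of a paging file:
# padding, one ASCII URL, two junk bytes, one UTF-16LE URL, more junk.
SAMPLE = (b"\x00" * 300
          + b"https://example.com/login?user=alice" + b"\x01\x02"
          + "http://intranet.example/report".encode("utf-16-le")
          + b"\x00\x00\xff" * 10)

if __name__ == "__main__":
    for url, offset in carve_urls(io.BytesIO(SAMPLE), chunk_size=64).items():
        print(f"0x{offset:08x}  {url}")
```

The recorded offsets let you return to the surrounding bytes in a hex viewer to judge context, which a bare string listing does not give you.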