December 11th, 2008 by ahoog

Volatility Framework

The Volatility Framework is a collection of open source utilities which allow an examiner to extract information from Windows XP Service Pack 2 and Service Pack 3 memory (RAM) images. From their website:

The Volatility Framework currently provides the following extraction capabilities for memory samples:

  • Image date and time
  • Running processes
  • Open network sockets
  • Open network connections
  • DLLs loaded for each process
  • Open files for each process
  • Open registry handles for each process
  • A process’ addressable memory
  • OS kernel modules
  • Mapping physical offsets to virtual addresses (strings to process)
  • Virtual Address Descriptor information
  • Scanning examples: processes, threads, sockets, connections, modules
  • Extract executables from memory samples
  • Transparently supports a variety of sample formats (i.e., crash dump, hibernation, DD)
  • Automated conversion between formats
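As an added illustration of the "mapping physical offsets to virtual addresses" capability listed above (example code written for this post, not part of Volatility): a two-level x86 page-table walk over a constructed image in the style of a 32-bit Windows XP capture. It assumes a non-PAE kernel (PAE builds of XP use three-level tables with 64-bit entries) and a constructed page directory rooted at physical offset 0x1000.

```python
import struct

PAGE_MASK = 0xFFFFF000

def _entry(mem: bytes, offset: int) -> int:
    """Read one 32-bit little-endian page-table entry from the raw image."""
    return struct.unpack_from("<I", mem, offset)[0]

def v2p(mem: bytes, cr3: int, vaddr: int):
    """Walk the non-PAE x86 tables rooted at physical address cr3.
    Returns the physical offset of vaddr, or None if a level is not present."""
    pde = _entry(mem, (cr3 & PAGE_MASK) + ((vaddr >> 22) & 0x3FF) * 4)
    if not pde & 1:                      # PDE present bit clear
        return None
    if pde & 0x80:                       # PS bit set: 4 MB large page
        return (pde & 0xFFC00000) | (vaddr & 0x3FFFFF)
    pte = _entry(mem, (pde & PAGE_MASK) + ((vaddr >> 12) & 0x3FF) * 4)
    if not pte & 1:                      # PTE present bit clear (unmapped or paged out)
        return None
    return (pte & PAGE_MASK) | (vaddr & 0xFFF)

def p2v_map(mem: bytes, cr3: int) -> dict:
    """Enumerate every present 4 KB mapping as {physical_page: virtual_page}.
    This is the reverse direction a strings-to-process lookup needs: an offset
    found by `strings` on the raw image is attributed to the virtual address
    that maps it. Large pages are skipped for brevity."""
    mapping = {}
    for di in range(1024):
        pde = _entry(mem, (cr3 & PAGE_MASK) + di * 4)
        if not pde & 1 or pde & 0x80:
            continue
        for ti in range(1024):
            pte = _entry(mem, (pde & PAGE_MASK) + ti * 4)
            if pte & 1:
                mapping[pte & PAGE_MASK] = (di << 22) | (ti << 12)
    return mapping

def build_sample_image() -> bytes:
    """Constructed 8-page image: directory at 0x1000, one page table at 0x2000,
    and a data page at 0x3000 mapped at virtual address 0x00401000."""
    mem = bytearray(8 * 0x1000)
    struct.pack_into("<I", mem, 0x1000 + 1 * 4, 0x2000 | 0x3)   # PDE[1]: present + rw
    struct.pack_into("<I", mem, 0x2000 + 1 * 4, 0x3000 | 0x3)   # PTE[1]: present + rw
    mem[0x3010:0x3017] = b"cmd.exe"                             # a string `strings` would report
    return bytes(mem)

def locate_string(mem: bytes, cr3: int, phys_off: int):
    """Attribute a physical string offset to its virtual address, or None."""
    vpage = p2v_map(mem, cr3).get(phys_off & PAGE_MASK)
    return None if vpage is None else vpage | (phys_off & 0xFFF)
```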

If you perform a live capture of a Windows XP system, this collection of tools is a great place to extract more than just strings from the image. Also, check out their website periodically, as they update the framework and are working on support for additional operating systems.
