Analyzing Windows Physical Memory


keydet89
Senior Member
 

Analyzing Windows Physical Memory

Posted: Apr 09, 06 16:28

I've started releasing some tools for assisting in analyzing dumps of physical memory (RAM) from Windows 2000 systems, made using dd.exe.

These tools are being released at:
sourceforge.net/projects/windowsir

So far, I've released two tools...lsproc locates processes (and threads) within the memory dump, and lspd will dump the details of a specific process from the dump file.

I'm working on cleaning up those tools, and also releasing other tools to dump the memory used by a process, and also the process's executable image.

If you try them out, comments are appreciated. I've already gotten some feedback, and it's very much appreciated.

Harlan  
 
  

psycko
Member
 

Re: Analyzing Windows Physical Memory

Posted: Apr 10, 06 01:50

Very interesting, Harlan ;)
 
  

keydet89
Senior Member
 

Re: Analyzing Windows Physical Memory

Posted: Apr 10, 06 20:00

psycko,

Thanks. Do you think that something like this is useful? Would you use it?

I purchased a copy of RDF recently, b/c one of the authors was standing right there and I wanted him to sign it. I found out that the DVD has a physical memory dump from a Windows 2000 system...so I'm going to try it out.

Harlan  
 
