Memory forensics

Robert J. Hansen rjh at sixdemonbag.org
Sat Mar 6 08:02:24 CET 2010


> 
> Thanks a million for all this.  The company "Volatile Systems" was
> really messing with my google-fu.

Err -- why?

Volatile Systems is behind the Volatility framework, which is probably the best FOSS tool going right now for Windows memory analysis.  (Admittedly, it only works on Windows XP... but given XP's userbase, even today, that's not a huge loss.)  If you want to learn about what memory analysis can do, you could do a lot worse than to look into Volatility.

Volatility can also inspect Windows XP's hibernation file and recover data structures from it.  I seem to recall that Volatility was the toolkit used by the Madison investigators, but don't quote me on that.  I may be barking wrong.



More information about the Gnupg-users mailing list