Memory forensics

Grant Olson kgo at
Sat Mar 6 20:27:15 CET 2010

On 3/6/2010 2:02 AM, Robert J. Hansen wrote:
>> Thanks a million for all this.  The company "Volatile Systems" was
>> really messing with my google-fu.
> Err -- why?
> Volatile Systems is behind the Volatility framework, which is probably
> the best FOSS tool going right now for Windows memory analysis.
>  (Admittedly, it only works on Windows XP... but given XP's userbase,
> even today, that's not a huge loss.)  If you want to learn about what
> memory analysis can do, you could do a lot worse than to look into
> Volatility.
> Volatility can also inspect Windows XP's hibernation file and recover
> data structures from it.  I seem to recall that Volatility was the
> toolkit used by the Madison investigators, but don't quote me on that.
>  I may be barking wrong.

I was probably just being a little dense.  I could see that they had a
memory forensics tool, but the company pages that I got when searching
on "volatile memory forensics" were steering me away from basic
definition and intro and FAQ pages.  Anyway, thanks again for the info.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 552 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100306/8ef7d57a/attachment-0001.pgp>

More information about the Gnupg-users mailing list