Memory forensics
Grant Olson
kgo at grant-olson.net
Sat Mar 6 20:27:15 CET 2010
On 3/6/2010 2:02 AM, Robert J. Hansen wrote:
>>
>> Thanks a million for all this. The company "Volatile Systems" was
>> really messing with my google-fu.
>
> Err -- why?
>
> Volatile Systems is behind the Volatility framework, which is probably
> the best FOSS tool going right now for Windows memory analysis.
> (Admittedly, it only works on Windows XP... but given XP's userbase,
> even today, that's not a huge loss.) If you want to learn about what
> memory analysis can do, you could do a lot worse than to look into
> Volatility.
>
> Volatility can also inspect Windows XP's hibernation file and recover
> data structures from it. I seem to recall that Volatility was the
> toolkit used by the Madison investigators, but don't quote me on that.
> I may be barking wrong.
>
I was probably just being a little dense. I could see that they had a
memory forensics tool, but the company pages that I got when searching
on "volatile memory forensics" were steering me away from basic
definition and intro and FAQ pages. Anyway, thanks again for the info.
More information about the Gnupg-users
mailing list