Difference between revisions of "Tools:Memory Analysis"

From ForensicsWiki
(Memory Analysis Frameworks)
m (Added)
Line 12: Line 12:
 
== Instant Messenger Memory Tool ==
 
== Instant Messenger Memory Tool ==
 
* [http://belkasoft.com Belkasoft Evidence Center] is a tool by [[Belkasoft]] which allows for retrieving various Instant Messenger artifacts from an attached memory image.
 
* [http://belkasoft.com Belkasoft Evidence Center] is a tool by [[Belkasoft]] which allows for retrieving various Instant Messenger artifacts from an attached memory image.
 +
 +
== Platform Independent Tools ==
 +
A list of tools which should work regardless of future incremental OS / hardware updates.
 +
* [https://github.com/ShaneK2/inVtero.net inVtero.net] Open Source Hypervisor/Process/Kernel detection for Windows, FreeBSD, OpenBSD and NetBSD.  inVtero.net is based on interpreting low-level hardware defined constructs which change little over time.  See github for details.
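Review bot: the new "Platform Independent Tools" heading and its intro line ("should work regardless of future incremental OS / hardware updates") claim more than the single entry supports, since the inVtero.net bullet names four specific operating systems (Windows, FreeBSD, OpenBSD and NetBSD). Suggest wording the heading and intro around what the bullet actually states, that the tool interprets low-level hardware-defined constructs which change little over time. The closing "See github for details" repeats the link already at the start of the bullet and can be dropped, and one of the two blank added lines before the heading is enough.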

Revision as of 22:58, 9 November 2015

The following tools can be used to conduct memory analysis.

Memory Analysis Frameworks

Browser Email Memory Tool

  • pdgmail is a Python script to extract Gmail artifacts from memory images. Made for images extracted with pdd, but works with any memory image.

Instant Messenger Memory Tool

Platform Independent Tools

A list of tools which should work regardless of future incremental OS / hardware updates.

  • inVtero.net: open-source hypervisor/process/kernel detection for Windows, FreeBSD, OpenBSD and NetBSD. inVtero.net is based on interpreting low-level, hardware-defined constructs which change little over time. See GitHub for details.