Difference between pages "Windows Memory Analysis" and "User talk:Bethan Williams"

From ForensicsWiki
(Difference between pages)
m
 
m (Welcome!)
 
Line 1: Line 1:
...
+
'''Welcome to ''Forensics Wiki''!'''
 
+
We hope you will contribute much and well.
== History ==
+
You will probably want to read the [[Help:Contents|help pages]].
 
+
Again, welcome and have fun! [[User:.FUF|.FUF]] 10:26, 16 February 2012 (PST)
During the 1990s, it became a [[best practice]] to capture a [[Tools:Memory_Imaging|memory image]] during incident response. At the time, the only way to analyze such memory images was using [[strings]]. Although this method could reveal interesting details about the memory image, there was no way to associate what data came from what program, let alone what user.  
+
 
+
In the summer 2005 the [[Digital Forensic Research Workshop]] published a ''Memory Analysis Challenge''. They distributed two memory images and asked researchers to answer a number of questions about a security incident. The challenge produced two seminal works. The first, by [[Chris Betz]], introduced a tool called (NAME). The second, by [[George Garner]] and (AUTHOR) produced [[kntlist]].
+

Revision as of 14:26, 16 February 2012

Welcome to Forensics Wiki! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! .FUF 10:26, 16 February 2012 (PST)