
Difference between pages "Linux Memory Analysis" and "Windows Desktop Search"

From ForensicsWiki

Edit summary of the "Linux Memory Analysis" revision (minor edit): https link uses bad cert, http works fine
Edit summary of the "Windows Desktop Search" revision: Initial stub
Page "Linux Memory Analysis":

The [[Digital Forensic Research Workshop]] [ 2008 Forensics Challenge] focused on the development of Linux memory analysis techniques and the fusion of evidence from memory, hard disk, and network.

==Linux Memory Analysis Tools==
* The [ Forensic Analysis Toolkit (FATKit)] is a cross-platform, modular, and extensible digital investigation framework for analyzing volatile system memory. (Availability/License: research project, not available)
* [ Draugr] is a Linux memory forensics tool written in Python. (Availability/License: GNU GPL)
* [ Foriana] is a tool for extracting information such as the process and module lists from a RAM image, using the logical relations between OS structures. (Availability/License: GNU GPL)
* [ Second Look] from [ Pikewerks Corporation] - This product can perform analysis of live local and remote memory sources, as well as stored snapshots of memory (physical memory images or hibernation images). It can be used to detect rootkits and other kernel-hooking malware, as well as to obtain forensic information about the state of the system. It has command-line and GUI interfaces, reverse engineering capabilities (including built-in disassembly and hexadecimal data views), and the capability of modifying target memory. An online reference kernel repository provides baselines for verification of thousands of distribution stock kernels. (Availability/License: commercial)
* The [ Volatility Framework] is a collection of tools, implemented in Python, for the extraction of digital artifacts from volatile memory (RAM) samples. (Availability/License: GNU GPL)

==Linux Memory Analysis Bibliography==
* [ Linux Physical Memory Analysis], Paul Movall, Ward Nelson, Shaun Wetzstein; USENIX, 2005.
* [ An Analysis Of Linux RAM Forensics], J.M. Urrea, Master's Thesis, Naval Postgraduate School, 2006.
* [ Linux Live Memory Forensics], a presentation by Desnos Anthony describing the implementation of draugr, 2009.
* [ Forensic RAM Dump Image Analyzer] by Ivor Kollar, describing the implementation of foriana, 2009.

Page "Windows Desktop Search":

== See Also ==
[[Google Desktop Search]]

== External Links ==
* [ Official website]
* [ Wikipedia entry on Windows Desktop Search]
* [ Wikipedia list of Desktop search engines]

Revision as of 13:07, 4 April 2007


Please help to improve this article by expanding it.
Further information might be found on the discussion page.

See Also

Google Desktop Search

External Links