Difference between revisions of "Linux Memory Analysis"

From ForensicsWiki
(Linux Memory Analysis Tools)
Line 1: Line 1:
 
==Linux Memory Analysis Tools==
 
==Linux Memory Analysis Tools==
* [http://pikewerks.com/sl/ Second Look] from [http://www.pikewerks.com Pikewerks Corporation]
+
* [http://pikewerks.com/sl/ Second Look] from [http://www.pikewerks.com Pikewerks Corporation] - This tool can perform analysis of live local and remote memory sources, as well as stored snapshots of memory (physical memory images or hibernate images).  It can be used to detect rootkits and other kernel-hooking malware, as well as obtain forensic information about the state of the system.  It has reverse engineering capabilities, including built-in disassembly and hexadecimal data views, and the ability of modifying target memory.
  
 
==Linux Memory Analysis Bibliography==
 
==Linux Memory Analysis Bibliography==
 
* [https://www.usenix.org/events/usenix05/tech/freenix/full_papers/movall/movall.pdf Linux Physical Memory Analysis], Paul Movall, Ward Nelson, Shaun Wetzstein, Usenix 2005 (PDF)
 
* [https://www.usenix.org/events/usenix05/tech/freenix/full_papers/movall/movall.pdf Linux Physical Memory Analysis], Paul Movall, Ward Nelson, Shaun Wetzstein, Usenix 2005 (PDF)
 
* [http://cisr.nps.edu/downloads/theses/06thesis_urrea.pdf Urrea, J. M., "An Analysis Of Linux Ram Forensics", Masters Thesis, Naval Postgraduate School, March 2006] (PDF)
 
* [http://cisr.nps.edu/downloads/theses/06thesis_urrea.pdf Urrea, J. M., "An Analysis Of Linux Ram Forensics", Masters Thesis, Naval Postgraduate School, March 2006] (PDF)
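Review bot: In the added Second Look description, "the ability of modifying target memory" should read "the ability to modify target memory". Because writing to target memory bears on evidence integrity, the entry should also say whether that capability applies only to live sources or to stored snapshots as well. The sentence "This tool can perform analysis of" could be tightened to "Analyzes", which would make the entry read less like vendor copy.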

Revision as of 13:49, 24 January 2009

Linux Memory Analysis Tools

  • Second Look from Pikewerks Corporation - This tool analyzes live local and remote memory sources, as well as stored snapshots of memory (physical memory images or hibernate images). It can be used to detect rootkits and other kernel-hooking malware, and to obtain forensic information about the state of the system. It has reverse engineering capabilities, including built-in disassembly and hexadecimal data views, and the ability to modify target memory.

Linux Memory Analysis Bibliography