ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between pages "Memory analysis" and "IDA Pro"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
(Initial Stub)
 
Line 1: Line 1:
'''Memory Analysis''' is the science of using a [[Tools:Memory Imaging|memory image]] to determine information about running programs, the [[operating system]], and the overall state of a computer. Because the analysis is highly dependent on the operating system, we have broken it into subpages:
+
{{Expand}}
  
* [[Windows Memory Analysis]]
+
== External Links ==
* [[Linux Memory Analysis]]
+
  
== OS-Independent Analysis ==
+
* [http://www.datarescue.com/idabase/ Official website]
  
At the IEEE Security and Privacy conference in May 2011, Brendan Dolan-Gavitt presented a novel system,[http://www.cc.gatech.edu/~brendan/Virtuoso_Oakland.pdf Virtuoso], that was able to perform operating-system independent memory analysis. Using virtual machine introspection accompanied by a number of formal program analysis techniques, his system was able to monitor the machine-level instructions and behavior of application actions (listing processes, network connections, etc) and then automatically generate Volatility plugins that replicated this analysis.
+
[[Category:Debuggers]
 
+
== Encryption Keys ==
+
 
+
Various types of encryption keys can be extracted during memory analysis.
+
You can use [[AESKeyFinder]] to extract 128-bit and 256-bit [[AES]] keys and [[RSAKeyFinder]] to extract all private and public [[RSA]] keys from a memory dump [http://citp.princeton.edu/memory/code/]. [http://jessekornblum.com/tools/volatility/cryptoscan.py cryptoscan.py] ([[List of Volatility Plugins|plugin for the Volatility memory analysis framework]]) scans a memory image for [[TrueCrypt]] passphrases.
+
 
+
== See Also ==
+
 
+
* [[Tools:Memory Imaging]]
+
* [[Tools:Memory Analysis]]
+
 
+
[[Category:Memory Analysis]]
+

Revision as of 20:32, 2 March 2007

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

External Links

[[Category:Debuggers]