Difference between pages "Memory analysis" and "IDA Pro"
From Forensics Wiki
(Difference between pages)

Content of "Memory analysis" (the left-hand side of the comparison):

'''Memory Analysis''' is the science of using a [[Tools:Memory Imaging|memory image]] to determine information about running programs, the [[operating system]], and the overall state of a computer. Because the analysis is highly dependent on the operating system, we have broken it into subpages:

* [[Windows Memory Analysis]]
* [[Linux Memory Analysis]]

== OS-Independent Analysis ==

At the IEEE Security and Privacy conference in May 2011, Brendan Dolan-Gavitt presented a novel system, [http://www.cc.gatech.edu/~brendan/Virtuoso_Oakland.pdf Virtuoso], that performs operating-system-independent memory analysis. Using virtual machine introspection together with a number of formal program analysis techniques, the system monitors the machine-level instructions and behavior of application actions (listing processes, network connections, etc.) and then automatically generates Volatility plugins that replicate this analysis.

== Encryption Keys ==

Various types of encryption keys can be extracted during memory analysis.

You can use [[AESKeyFinder]] to extract 128-bit and 256-bit [[AES]] keys and [[RSAKeyFinder]] to extract all private and public [[RSA]] keys from a memory dump [http://citp.princeton.edu/memory/code/]. [http://jessekornblum.com/tools/volatility/cryptoscan.py cryptoscan.py] (a [[List of Volatility Plugins|plugin for the Volatility memory analysis framework]]) scans a memory image for [[TrueCrypt]] passphrases.

== See Also ==

* [[Tools:Memory Imaging]]
* [[Tools:Memory Analysis]]

[[Category:Memory Analysis]]

Content of "IDA Pro" (the right-hand side of the comparison):

{{Expand}}

== External Links ==

* [http://www.datarescue.com/idabase/ Official website]

[[Category:Debuggers]]
Revision as of 15:32, 2 March 2007
Please help to improve this article by expanding it.
Further information might be found on the discussion page.