Difference between revisions of "Memory analysis"

From ForensicsWiki
m (correct link)
Line 3: Line 3:
 
* [[Windows Memory Analysis]]
 
* [[Windows Memory Analysis]]
 
* [[Linux Memory Analysis]]
 
* [[Linux Memory Analysis]]
* [[FreeBSD Memory Analysis]]
 
  
 
== Encryption Keys ==
 
== Encryption Keys ==
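Review bot: the summary "m (correct link)" does not describe what this hunk shows. In the Line 3 list, `* [[FreeBSD Memory Analysis]]` is the only line without a counterpart on the other side, so the change alters the set of subpage entries rather than fixing an existing link target. Suggest a summary that names the FreeBSD entry, dropping the minor flag, and checking that the FreeBSD Memory Analysis page exists so the list does not gain a dead link.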

Revision as of 14:04, 24 January 2009

Memory Analysis is the science of using a memory image to determine information about running programs, the operating system, and the overall state of a computer. Because the analysis is highly dependent on the operating system, we have broken it into subpages:

Encryption Keys

Various types of encryption keys can be extracted during memory analysis. You can use AESKeyFinder to extract 128-bit and 256-bit AES keys and RSAKeyFinder to extract all private and public RSA keys from a memory dump [1]. cryptoscan.py (a plugin for the Volatility memory analysis framework) scans a memory image for TrueCrypt passphrases.
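AES keys can be found in a dump because software AES implementations typically keep the expanded key schedule in memory, and every word of a schedule is determined by earlier words. The following is an added example, not AESKeyFinder's code or part of the original page; it covers AES-128 only, and the function names, the `max_bit_errors` parameter and the sample image are assumptions constructed for illustration.

```python
"""Added example: find AES-128 key schedules in a raw memory image."""
def _build_sbox():
    # Generate the AES S-box instead of embedding a 256-entry table.
    rotl = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xFF
    sbox, p, q = [0] * 256, 1, 1
    for _ in range(255):  # 3 generates all 255 non-zero elements of GF(2^8)
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p = p * 3
        for s in (1, 2, 4):  # q = q / 3, so q stays the inverse of p
            q = (q ^ (q << s)) & 0xFF
        q ^= 0x09 if q & 0x80 else 0
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
    sbox[0] = 0x63
    return sbox

SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def next_word(prev, back4, i):
    """Schedule word at byte offset i, from the words 4 and 16 bytes before it."""
    t = bytes(prev)
    if i % 16 == 0:  # first word of a round key: RotWord, SubWord, Rcon
        t = bytes(SBOX[b] for b in t[1:] + t[:1])
        t = bytes([t[0] ^ RCON[i // 16 - 1]]) + t[1:]
    return bytes(a ^ b for a, b in zip(back4, t))

def expand_key_128(key):
    sched = bytearray(key)
    for i in range(16, 176, 4):
        sched += next_word(sched[i - 4:i], sched[i - 16:i - 12], i)
    return bytes(sched)

def find_aes128_keys(image, max_bit_errors=0):
    """Return (offset, key) for each 176-byte window that obeys the schedule
    relation, tolerating up to max_bit_errors flipped bits in the window."""
    hits = []
    for off in range(len(image) - 175):
        w, errors = image[off:off + 176], 0
        for i in range(16, 176, 4):
            want = next_word(w[i - 4:i], w[i - 16:i - 12], i)
            errors += sum(bin(a ^ b).count("1") for a, b in zip(want, w[i:i + 4]))
            if errors > max_bit_errors:
                break  # not a schedule; random data fails on the first word
        else:
            hits.append((off, bytes(w[:16])))
    return hits

# Constructed sample: the FIPS-197 example key's schedule between zero padding.
SAMPLE_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
SAMPLE_IMAGE = bytes(300) + expand_key_128(SAMPLE_KEY) + bytes(300)
if __name__ == "__main__":
    print([(hex(o), k.hex()) for o, k in find_aes128_keys(SAMPLE_IMAGE)])
```

Each word is checked against its neighbours in the image rather than against a schedule re-expanded from the first 16 bytes, so a flipped bit in a degraded image costs a few bits of error locally instead of invalidating every later word.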

See Also