Difference between revisions of "Tools:Memory Analysis"

From ForensicsWiki
Line 1: Line 1:
The following tools can be used to conduct memory analysis
+
The following tools can be used to conduct memory analysis.
  
 
== Memory Analysis Frameworks ==
 
== Memory Analysis Frameworks ==
 
* [[Volatility Framework]] - A complete framework for analyzing Windows XP Service Pack 2 memory images.
 
* [[Volatility Framework]] - A complete framework for analyzing Windows XP Service Pack 2 memory images.
 +
* [http://pikewerks.com/sl/ Second Look] from [http://www.pikewerks.com Pikewerks Corporation] - A toolset (GUI application, CLI application, and API) for the analysis of Linux memory images, for information assurance, forensics, incident response, and reverse engineering.
  
 
== Browser Email Memory Tool ==
 
== Browser Email Memory Tool ==
 
* [http://www.jeffbryner.com/code/pdgmail pdgmail] is a python script to extract gmail artifacts from memory images. Made for images extracted with pdd, but works with any memory image.
 
* [http://www.jeffbryner.com/code/pdgmail pdgmail] is a python script to extract gmail artifacts from memory images. Made for images extracted with pdd, but works with any memory image.

Revision as of 13:06, 24 January 2009

The following tools can be used to conduct memory analysis.

Memory Analysis Frameworks

  • Volatility Framework - A complete framework for analyzing Windows XP Service Pack 2 memory images.
  • Second Look from Pikewerks Corporation - A toolset (GUI application, CLI application, and API) for the analysis of Linux memory images, for information assurance, forensics, incident response, and reverse engineering.

Browser Email Memory Tool

  • pdgmail is a Python script to extract Gmail artifacts from memory images. It was made for images extracted with pdd, but works with any memory image.