Difference between revisions of "Tools:Memory Analysis"
From Forensics Wiki
| Line 1: | Line 1: | ||
| − | The following tools can be used to conduct memory analysis | + | The following tools can be used to conduct memory analysis. |
== Memory Analysis Frameworks == | == Memory Analysis Frameworks == | ||
* [[Volatility Framework]] - A complete framework for analyzing Windows XP Service Pack 2 memory images. | * [[Volatility Framework]] - A complete framework for analyzing Windows XP Service Pack 2 memory images. | ||
| + | * [http://pikewerks.com/sl/ Second Look] from [http://www.pikewerks.com Pikewerks Corporation] - A toolset (GUI application, CLI application, and API) for the analysis of Linux memory images, for information assurance, forensics, incident response, and reverse engineering. | ||
== Browser Email Memory Tool == | == Browser Email Memory Tool == | ||
* [http://www.jeffbryner.com/code/pdgmail pdgmail] is a python script to extract gmail artifacts from memory images. Made for images extracted with pdd, but works with any memory image. | * [http://www.jeffbryner.com/code/pdgmail pdgmail] is a python script to extract gmail artifacts from memory images. Made for images extracted with pdd, but works with any memory image. | ||
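Review bot: The added Second Look entry uses two external links (product and vendor), while the neighbouring Volatility entry uses an internal [[Volatility Framework]] wiki link; consider pointing the entry at an internal [[Second Look]] page and keeping the vendor URL there. The trailing list in the description ("for information assurance, forensics, incident response, and reverse engineering") reads like vendor copy, and the entry would match the Volatility line better if it stopped at what the toolset analyzes, Linux memory images.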
Revision as of 13:06, 24 January 2009
The following tools can be used to conduct memory analysis.
Memory Analysis Frameworks
- Volatility Framework - A complete framework for analyzing Windows XP Service Pack 2 memory images.
- Second Look from Pikewerks Corporation - A toolset (GUI application, CLI application, and API) for the analysis of Linux memory images, for information assurance, forensics, incident response, and reverse engineering.
Browser Email Memory Tool
- pdgmail is a Python script to extract Gmail artifacts from memory images. It was made for images extracted with pdd, but works with any memory image.