Difference between revisions of "Tools:Memory Analysis"
From Forensics Wiki
m |
|||
| (4 intermediate revisions by 3 users not shown) | |||
| Line 3: | Line 3: | ||
== Memory Analysis Frameworks == | == Memory Analysis Frameworks == | ||
* [[Volatility Framework]] - A complete framework for analyzing Windows XP Service Pack 2 memory images. | * [[Volatility Framework]] - A complete framework for analyzing Windows XP Service Pack 2 memory images. | ||
| − | * [http:// | + | * [http://www.windowsscope.com WindowsSCOPE Pro, Ultimate] - Comprehensive toolkit for the capture and analysis of Windows physical and virtual memory targeting cyber analysis, forensics/incident response, and education. Software and hardware based acquisition with [http://www.windowsscope.com/index.php?option=com_virtuemart&Itemid=34 CaptureGUARD PCIe and ExpressCard]. |
| + | * [http://www.windowsscope.com WindowsSCOPE Live] live fetch and analysis of Windows computers on a network from Android smartphones and tablets. | ||
| + | * [http://secondlookforensics.com/ Second Look] from [http://www.pikewerks.com Raytheon Pikewerks Corporation] - provides Linux memory forensics, including acquisition and analysis. | ||
== Browser Email Memory Tool == | == Browser Email Memory Tool == | ||
* [http://www.jeffbryner.com/code/pdgmail pdgmail] is a python script to extract gmail artifacts from memory images. Made for images extracted with pdd, but works with any memory image. | * [http://www.jeffbryner.com/code/pdgmail pdgmail] is a python script to extract gmail artifacts from memory images. Made for images extracted with pdd, but works with any memory image. | ||
| + | |||
| + | == Instant Messenger Memory Tool == | ||
| + | * [http://belkasoft.com Belkasoft Evidence Center] is a tool by [[Belkasoft]] which allows for retrieving various Instant Messenger artifacts from an attached memory image. | ||
Revision as of 15:43, 9 June 2012
The following tools can be used to conduct memory analysis.
Memory Analysis Frameworks
- Volatility Framework - A complete framework for analyzing Windows XP Service Pack 2 memory images.
- WindowsSCOPE Pro, Ultimate - Comprehensive toolkit for the capture and analysis of Windows physical and virtual memory targeting cyber analysis, forensics/incident response, and education. Software and hardware based acquisition with CaptureGUARD PCIe and ExpressCard.
- WindowsSCOPE Live live fetch and analysis of Windows computers on a network from Android smartphones and tablets.
- Second Look from Raytheon Pikewerks Corporation - provides Linux memory forensics, including acquisition and analysis.
Browser Email Memory Tool
- pdgmail is a python script to extract gmail artifacts from memory images. Made for images extracted with pdd, but works with any memory image.
Instant Messenger Memory Tool
- Belkasoft Evidence Center is a tool by Belkasoft which allows for retrieving various Instant Messenger artifacts from an attached memory image.
