Difference between pages "Category:Live CD" and "Memory analysis"

Revision as of 13:04, 24 January 2009

Memory Analysis is the science of using a memory image to determine information about running programs, the operating system, and the overall state of a computer. Because the analysis is highly dependent on the operating system, we have broken it into subpages:

Encryption Keys

Various types of encryption keys can be extracted during memory analysis. You can use AESKeyFinder to extract 128-bit and 256-bit AES keys and RSAKeyFinder to extract all private and public RSA keys from a memory dump [1]. cryptoscan.py (plugin for the Volatility memory analysis framework) scans a memory image for TrueCrypt passphrases.

Pages in category "Live CD"

The following 27 pages are in this category, out of 27 total.

B

BackTrack

C

CAINE Live CD

D

F

G

Grml

H

K

L

Template:Live CD

M

P

Penguin Sleuthkit

P cont.

R

Recovery Is Possible

S

T

THE FARMER'S BOOT CD

W

WinFE

@@ Line 1: / Line 1: @@
-<div style="margin-top:0.5em; border:2px solid #ff0000; padding:0.5em 0.5em 0.5em 0.5em; background-color:#dddddd; align:center;">
+'''Memory Analysis''' is the science of using a [[Tools:Memory Imaging|memory image]] to determine information about running programs, the [[operating system]], and the overall state of a computer. Because the analysis is highly dependent on the operating system, we have broken it into subpages:
-'''Note:''' We're trying to use the same [[tool template]] for all devices. Please use this if possible.
-</div>
-==See Also==
+* [[Windows Memory Analysis]]
-* [[:Category:VMWare Appliances]]
+* [[Linux Memory Analysis]]
-[[Category:Tools]]
+== Encryption Keys ==
+Various types of encryption keys can be extracted during memory analysis.
+You can use [[AESKeyFinder]] to extract 128-bit and 256-bit [[AES]] keys and [[RSAKeyFinder]] to extract all private and public [[RSA]] keys from a memory dump [http://citp.princeton.edu/memory/code/]. [http://jessekornblum.com/tools/volatility/cryptoscan.py cryptoscan.py] ([[List of Volatility Plugins|plugin for the Volatility memory analysis framework]]) scans a memory image for [[TrueCrypt]] passphrases.
+== See Also ==
+* [[Tools:Memory Imaging]]
+* [[Tools:Memory Analysis]]

Difference between pages "Category:Live CD" and "Memory analysis"

Revision as of 13:04, 24 January 2009

Encryption Keys

See Also

Pages in category "Live CD"

B

C

D

F

G

H

K

L

M

P

P cont.

R

S

T

W

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation:

About forensicswiki.org:

Toolbox