Difference between pages "Windows Memory Analysis" and "File:S738C TAPS.JPG"
(Difference between pages)
|−|== History == | |
|−|During the 1990s, it became a [[best practice]] to capture a [[Tools:Memory_Imaging|memory image]] during incident response. At the time, the only way to analyze such memory images was using [[strings]]. Although this method could reveal interesting details about the memory image, there was no way to associate what data came from what program, let alone what user. | |
|−|In the summer 2005 the [[DFRWS||Digital Forensics Research Workshop]] published a Memory Analysis Challenge. They distributed two memory images and asked researchers to answer a number of questions about a security incident. The challenge produced two seminal works. The first, by Chris Betz, introduced a tool called (NAME). The second, by George Garner and (AUTHOR) produced kntlist. | |
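Review bot: the second History paragraph still carries the unfilled placeholders "(NAME)" and "(AUTHOR)", so the two works it calls seminal are only half attributed; fill both from the cited challenge results or mark them as needing a citation. In the same paragraph, the link `[[DFRWS||Digital Forensics Research Workshop]]` has a doubled pipe and should use a single `|` between target and label. "In the summer 2005" should read "In the summer of 2005", and a comma is missing after "(AUTHOR)". The first paragraph's claim that [[strings]] was "the only way" to analyze memory images at the time is stated without a source.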
Latest revision as of 21:40, 23 December 2013