Difference between pages "Encryption" and "Windows Memory Analysis"
From Forensics Wiki
(Difference between pages)
Uwe Hermann (Talk | contribs) m |
(Initial description. Needs help.) |
||
| Line 1: | Line 1: | ||
| − | + | ||
| + | == History == | ||
| + | During the 1990s, it became a [[best practice]] to capture a [[Tools:Memory_Imaging|memory image]] during incident response. At the time, the only way to analyze such memory images was using [[strings]]. Although this method could reveal interesting details about the memory image, there was no way to associate what data came from what program, let alone what user. | ||
| + | |||
| + | In the summer 2005 the [[DFRWS||Digital Forensics Research Workshop]] published a Memory Analysis Challenge. They distributed two memory images and asked researchers to answer a number of questions about a security incident. The challenge produced two seminal works. The first, by Chris Betz, introduced a tool called (NAME). The second, by George Garner and (AUTHOR) produced kntlist. | ||
Revision as of 08:41, 20 May 2006
History
During the 1990s, it became a best practice to capture a memory image during incident response. At the time, the only way to analyze such memory images was using strings. Although this method could reveal interesting details about the memory image, there was no way to associate what data came from what program, let alone what user.
In the summer 2005 the |Digital Forensics Research Workshop published a Memory Analysis Challenge. They distributed two memory images and asked researchers to answer a number of questions about a security incident. The challenge produced two seminal works. The first, by Chris Betz, introduced a tool called (NAME). The second, by George Garner and (AUTHOR) produced kntlist.
