Difference between revisions of "Tools:Memory Analysis"

From ForensicsWiki
m (Added Belkasoft tool for Windows RAM investigation)
(Memory Analysis Frameworks)
Line 3: Line 3:
 
== Memory Analysis Frameworks ==
 
== Memory Analysis Frameworks ==
 
* [[Volatility Framework]] - A complete framework for analyzing Windows XP Service Pack 2 memory images.
 
* [[Volatility Framework]] - A complete framework for analyzing Windows XP Service Pack 2 memory images.
 +
* [http://www.windowsscope.com WindowsSCOPE Pro, Law Enforcement] - Comprehensive toolkit for the capture and analysis of Windows physical and virtual memory targeting cyber analysis, forensics/incident response, and education. Software and hardware based acquisition with [http://www.bluerisc.com BlueRISC] [http://www.bluerisc.com/index.php?option=com_virtuemart&page=shop.browse&category_id=6&Itemid=22    TrustGUARD PCIe and ExpressCard].
 +
* [http://www.windowsscope.com WindowsSCOPE Live] live fetch and analysis of Windows computers on a network from Android smartphones and tablets.
 
* [http://pikewerks.com/sl/ Second Look] from [http://www.pikewerks.com Pikewerks Corporation] - A toolset (GUI/CLI/API) for the analysis of Linux memory images, for information assurance, forensics, incident response, and reverse engineering.
 
* [http://pikewerks.com/sl/ Second Look] from [http://www.pikewerks.com Pikewerks Corporation] - A toolset (GUI/CLI/API) for the analysis of Linux memory images, for information assurance, forensics, incident response, and reverse engineering.
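Review bot: the added WindowsSCOPE Live entry omits the " - " separator that the neighbouring Volatility and Second Look entries place between the link and its description, so it should read "[http://www.windowsscope.com WindowsSCOPE Live] - live fetch and analysis ...". In the added WindowsSCOPE Pro entry, the TrustGUARD external link has a run of spaces between the URL and its label; collapse it to a single space. Both added bullets link to the same www.windowsscope.com address, so consider merging them into one entry or pointing each at its own product page.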
  

Revision as of 10:47, 5 November 2011

The following tools can be used to conduct memory analysis.

Memory Analysis Frameworks

Browser Email Memory Tool

  • pdgmail is a Python script to extract Gmail artifacts from memory images. Made for images extracted with pdd, but works with any memory image.

Instant Messenger Memory Tool