
Difference between revisions of "Tools:Memory Analysis"

From ForensicsWiki
m (Added Belkasoft tool for Windows RAM investigation)
(Memory Analysis Frameworks)
(4 intermediate revisions by 3 users not shown)
Line 2: Line 2:
== Memory Analysis Frameworks ==
== Memory Analysis Frameworks ==
* [[Volatility Framework]] - A complete framework for analyzing Windows XP Service Pack 2 memory images.
* [[Volatility Framework]] - A complete framework for analyzing Windows, Linux and Mac OSX memory images.
* [ Second Look] from [ Pikewerks Corporation] - A toolset (GUI/CLI/API) for the analysis of Linux memory images, for information assurance, forensics, incident response, and reverse engineering.
* [ WindowsSCOPE Pro, Ultimate] - Comprehensive toolkit for the capture and analysis of Windows physical and virtual memory targeting cyber analysis, forensics/incident response, and education. Software and hardware based acquisition with [    CaptureGUARD PCIe and ExpressCard].
* [ WindowsSCOPE Live] live fetch and analysis of Windows computers on a network from Android smartphones and tablets.
* [[Second Look]] from [ Raytheon Pikewerks Corporation] - provides Linux memory forensics, including acquisition and analysis.
== Browser Email Memory Tool ==
== Browser Email Memory Tool ==
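Review bot: Second Look is listed twice under Memory Analysis Frameworks, once credited to "Pikewerks Corporation" and once to "Raytheon Pikewerks Corporation"; if both lines remain in the resulting revision, keep a single entry with one vendor name and one description. In the Volatility line, "Mac OSX" should read "Mac OS X". The WindowsSCOPE entries read as vendor copy ("Comprehensive toolkit ... targeting cyber analysis"), and the WindowsSCOPE Live line has no dash between the name and its description; a neutral one-line statement of what each tool acquires and analyzes would match the other entries.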

Revision as of 00:05, 22 December 2012

The following tools can be used to conduct memory analysis.

Memory Analysis Frameworks

Browser Email Memory Tool

  • pdgmail is a Python script that extracts Gmail artifacts from memory images. It was made for images extracted with pdd, but works with any memory image.

Instant Messenger Memory Tool