Difference between revisions of "Tools:Memory Analysis"

From ForensicsWiki
m
(Memory Analysis Frameworks)
 
(One intermediate revision by one other user not shown)
Line 2: Line 2:
  
 
== Memory Analysis Frameworks ==
 
== Memory Analysis Frameworks ==
* [[Volatility Framework]] - A complete framework for analyzing Windows XP Service Pack 2 memory images.
+
* [[Volatility Framework]] - A complete framework for analyzing Windows, Linux and Mac OSX memory images.
 
* [http://www.windowsscope.com WindowsSCOPE Pro, Ultimate] - Comprehensive toolkit for the capture and analysis of Windows physical and virtual memory targeting cyber analysis, forensics/incident response, and education. Software and hardware based acquisition with [http://www.windowsscope.com/index.php?option=com_virtuemart&Itemid=34    CaptureGUARD PCIe and ExpressCard].  
 
* [http://www.windowsscope.com WindowsSCOPE Pro, Ultimate] - Comprehensive toolkit for the capture and analysis of Windows physical and virtual memory targeting cyber analysis, forensics/incident response, and education. Software and hardware based acquisition with [http://www.windowsscope.com/index.php?option=com_virtuemart&Itemid=34    CaptureGUARD PCIe and ExpressCard].  
 
* [http://www.windowsscope.com WindowsSCOPE Live] live fetch and analysis of Windows computers on a network from Android smartphones and tablets.  
 
* [http://www.windowsscope.com WindowsSCOPE Live] live fetch and analysis of Windows computers on a network from Android smartphones and tablets.  
* [http://secondlookforensics.com/ Second Look] from [http://www.pikewerks.com Raytheon Pikewerks Corporation] - provides Linux memory forensics, including acquisition and analysis.
+
* [[Second Look]] from [http://www.pikewerks.com Raytheon Pikewerks Corporation] - provides Linux memory forensics, including acquisition and analysis.
  
 
== Browser Email Memory Tool ==
 
== Browser Email Memory Tool ==
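Review bot: The rewritten Second Look entry replaces the external link http://secondlookforensics.com/ with the internal [[Second Look]] link, so the product URL no longer appears on this page. Confirm that the [[Second Look]] article exists and carries that URL, or keep the external link alongside the internal one. In the new Volatility entry, "Mac OSX" would read better as "Mac OS X".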

Latest revision as of 20:05, 21 December 2012

The following tools can be used to conduct memory analysis.

Memory Analysis Frameworks

Browser Email Memory Tool

  • pdgmail is a Python script to extract Gmail artifacts from memory images. It was made for images extracted with pdd, but works with any memory image.

Instant Messenger Memory Tool