From Forensics Wiki
Revision as of 09:47, 5 November 2011 by C Andras Moritz
The following tools can be used to conduct memory analysis.
Memory Analysis Frameworks
- Volatility Framework - A complete framework for analyzing Windows XP Service Pack 2 memory images.
- WindowsSCOPE Pro, Law Enforcement - Comprehensive toolkit for the capture and analysis of Windows physical and virtual memory targeting cyber analysis, forensics/incident response, and education. Software and hardware based acquisition with BlueRISC TrustGUARD PCIe and ExpressCard.
- WindowsSCOPE Live live fetch and analysis of Windows computers on a network from Android smartphones and tablets.
- Second Look from Pikewerks Corporation - A toolset (GUI/CLI/API) for the analysis of Linux memory images, for information assurance, forensics, incident response, and reverse engineering.
Browser Email Memory Tool
- pdgmail is a python script to extract gmail artifacts from memory images. Made for images extracted with pdd, but works with any memory image.