Tools:Memory Analysis
From Forensics Wiki
The following tools can be used to conduct memory analysis.
Memory Analysis Frameworks
- Volatility Framework - A complete framework for analyzing Windows, Linux and Mac OSX memory images.
- WindowsSCOPE Pro, Ultimate - Comprehensive toolkit for the capture and analysis of Windows physical and virtual memory targeting cyber analysis, forensics/incident response, and education. Software and hardware based acquisition with CaptureGUARD PCIe and ExpressCard.
- WindowsSCOPE Live live fetch and analysis of Windows computers on a network from Android smartphones and tablets.
- Second Look from Raytheon Pikewerks Corporation - provides Linux memory forensics, including acquisition and analysis.
Browser Email Memory Tool
- pdgmail is a python script to extract gmail artifacts from memory images. Made for images extracted with pdd, but works with any memory image.
Instant Messenger Memory Tool
- Belkasoft Evidence Center is a tool by Belkasoft which allows for retrieving various Instant Messenger artifacts from an attached memory image.
