”The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. Volatility | Memory Forensics – From the page:.Please notice ALL (32-bits + 64-bits, driver + executable) windd binaries are digitally signed to confirm they are from a trusted source.” "Windd is a free Windows utility, by Matthieu Suiche, which aims at being used as a swiss-knife to acquire the physical memory by investigators, incident responses engineers, malware analysts, system administrators and kernel developpers. WinDD – crafted and updated with love and passion by Matthieu Suiche.Probably nothing much new here to find by the pros, it’s more of my own roundup in case I loose my USB utility drive…. In the meantime, for reference purposes, here is a short list of some freeware tools and utilities I have on the old USB stick that can all do memory captures of Windows systems (or are useful from a memory analysis perspective).
Then there is that forensics “Heavy Edition” Linkfest that will I hope won’t take an HRT to get out the door. I’m still sitting on a USMT-GUI post that I’ve got to add to a fire-sale post. Some stuff acquired by dear friend TinyApps.Org Blog regarding Read-Only Honoring of USB media. Then there is some WinPE 3.0 & DISM notes.
I’ve got a massive “new & improved” round-up linkfest bursting at the seams. Due to the recent rounds of troubleshooting, the posts lately haven’t been the meaty material I’ve been setting aside.
0 kommentar(er)
