PaulDotCom mailing list archives

Memory analysis - pagefile.sys


From: jsawyer at ufl.edu (John Sawyer)
Date: Wed, 18 Mar 2009 11:02:10 -0400

I haven't seen that research before but I had heard that when Memoryze is run on a live system, it will pull out memory that's been paged to the pagefile so the dump is more complete. I'll bug one of the developers to confirm that.

The other thing Marcus mentioned was the hibernate file. There is a C library with sample C and Python code for reading it called SandMan, from the same author as the memory dumping tool win32dd.
http://sandman.msuiche.net/index.php

-jhs


On Mar 17, 2009, at 5:06 PM, PJ McGarvey wrote:

Episode 142 with Marcus Carey talked about memory analysis. I remember him finishing the interview saying he didn't know of a good tool for doing pagefile.sys analysis?

I ran across this today while doing some memory analysis for an incident. Has anyone used this?

ieeexplore.ieee.org/iel5/4457470/4457632/04457662.pdf?arnumber=4457662

-PJ
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
