PaulDotCom mailing list archives

Re: Imaging memory on Win7 64bit


From: Josh Little <josh () zombietango com>
Date: Tue, 21 Sep 2010 20:46:03 -0400


On 9/21/2010 4:57 PM, Dave Hull wrote:
> Actually, Volatility has had support for Vista memory dumps for a
> while now. I'm checking into support for 64-bit images.
>
> I believe @gleeda on Twitter may know the answer.


The 64-bit image (Win7) I tried it against came out with an unknown
image type error. So either it doesn't support it or I'm holding it
wrong :) In brighter news, Mandiant released a new version of Memoryze
today that supports Win 7 in both 32- and 64-bit mode. So I'm back in
business with MoonSols_WinDD (thanks again Carlos) and Memoryze.

http://blog.mandiant.com/archives/1459

PS - Just saw your response Dave about Vista/Win7 support from
Volatility. Thanks for checking on that.

ZT
