PaulDotCom mailing list archives

x64 Memory Analysis


From: larrymcdonald at uhost.org (Larry McDonald)
Date: Fri, 12 Mar 2010 10:22:08 -0500

Have you tried the following:

free/open source tools
Volatility
Mandiant's Memoryze; get Mandiant's Audit Viewer and use it as the front-end to
Memoryze

not so free tools
FTK 3.0.x
EnCase 6.5 (but you will need to find the memory analysis scripts)
HBGary Responder

I would suggest starting with Mandiant's products. If you have issues with the
tools running against the image, can you pass on which ones did or didn't
work?

Larry



On Thu, Mar 11, 2010 at 4:35 PM, Norman Rach <lostpacket at live.com> wrote:

From what I can tell, there are plenty of tools available to dump RAM on an
x64 Windows system.  Unfortunately, I haven't found any tools that will
actually parse the dump.  Do y'all have any recommendations?

Thanks!





-- 
Larry McDonald