PaulDotCom mailing list archives

Re: Books suggestions for Memory Imaging Tools???


From: Frank Forrester <forrester.frank () gmail com>
Date: Wed, 9 Mar 2011 06:15:35 -0600

Ok, where to start... Thank you Bugbear and Matt for the links. I really do
appreciate it. This has really been quite the rabbit hole for me. I thought
I would blog about it in the future but now it's looking as if that would be
a rather large entry. Nevertheless I am keeping notes and links and hope
to document my journey into this topic in the future. Unlike Ligatt I will
cite all sources and give credit where credit is due. (for some strange
reason iTunes has yet to approve my critique of their iPhone app) /me
shrugs.

Believe it or not, this interest all started with an article in 2600 about
win32dd, in conjunction with reading Kingpin in two days and thinking:
why didn't he just hang the extension cords on the door to kill the power?
But I'm sure he has thought of that by now. Then Apple Thunderbolt concerns
on several podcasts, and to top it off finding out, ironically, that none other
than HBGary makes a pretty cool little dd tool. (say that in one breath) So
I have to figure out the inner workings of this process.

Anyhow, again I want to say thanks, because this has given me a bit of focus
due to my lack of Ritalin and over 200 open tabs, and I'm like F, where do I
start. So "Windows Forensic Analysis DVD Toolkit 2nd edition" has made it to
my beloved Kindle (yes, I friggin love the thing) as I type, and I'm
highly interested in the hands-on participation from
http://honeynet.org/challenges/2011_7_compromised_server and all other pages
mentioned have been downloaded and imported to Kindle also. Honestly I would
sweep and mop the floors for a pittance to hang around people that do this
stuff. But I digress; I may not be able to spray liquid nitrogen on some RAM
sticks or afford 700.00 USB drives, but I have a new book to read so I'm
WINNING!

Thank you.

Frank

On Tue, Mar 8, 2011 at 9:38 AM, Matt Erasmus <matt.erasmus () gmail com> wrote:

Howdy

While it's not directly related to your query you may find these posts
interesting:

http://lorgor.blogspot.com/2010/11/volatility-mem-forensics-iiiusing.html
http://lorgor.blogspot.com/2010/11/volatility-memory-forensics-iiusing.html

http://dfsforensics.blogspot.com/2011/03/bringing-linux-support-to-volatility.html

There were a couple of interesting posts from SANS on the OS X side of
things here:

http://computer-forensics.sans.org/blog/2011/02/04/mac-os-forensics-howto-simple-ram-acquisition-analysis-mac-memory-reader-part-2

http://computer-forensics.sans.org/blog/2011/01/28/mac-os-forensics-howto-simple-ram-acquisition-analysis-mac-memory-reader-part-1

And the latest challenge from the HoneyNet project will give you ample
chances to practice.

http://honeynet.org/challenges/2011_7_compromised_server

As for books, I'm still looking myself. Mostly I just read blog posts and
try and practice as much as I can.

I hope this helps...


Matt Erasmus // <matt.erasmus () gmail com> // @mattdoterasmus

(keep calm and carry on)

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
-- 
The only good is knowledge and the only evil is ignorance.
    Socrates