« Funny picture from F-Secure about “current” Rootkit ideas
Forensics Wiki project »

windows memory analysis

Andreas Schuster recently published on his blog two interesting articles about process memory reconstruction.
He describes how to extract the memory of a single process from a full memory dump. The other article shows how to reconstruct a program binary of a specific process from a full memory dump.

Share and Enjoy:
  • Digg
  • del.icio.us
  • Facebook
  • Google
  • Live
  • StumbleUpon
  • Technorati
  • YahooMyWeb

Thursday, 06 Apr 2006 22:09 (Updated: Sunday, 11 Feb 2007 15:41). 2,557 Views. Filed under Forensics, Live Response. Subscribe to RSS 2.0. Leave a comment or trackback.
 Tags: .

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

TLA | Linklift | Teliad