On 3/6/2010 2:02 AM, Robert J. Hansen wrote:
>>
>> Thanks a million for all this. The company "Volatile Systems" was
>> really messing with my google-fu.
>
> Err -- why?
>
> Volatile Systems is behind the Volatility framework, which is probably
> the best FOSS tool going right now for Windows memory analysis.
> (Admittedly, it only works on Windows XP... but given XP's userbase,
> even today, that's not a huge loss.) If you want to learn about what
> memory analysis can do, you could do a lot worse than to look into
> Volatility.
>
> Volatility can also inspect Windows XP's hibernation file and recover
> data structures from it. I seem to recall that Volatility was the
> toolkit used by the Madison investigators, but don't quote me on that.
> I may be barking wrong.
>
I was probably just being a little dense. I could see that they had a memory forensics tool, but the company pages that I got when searching on "volatile memory forensics" were steering me away from basic definition and intro and FAQ pages. Anyway, thanks again for the info.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users