win32 memory capture & analysis cheat sheet

A high level overview to perform live memory captures and analysis:

  1. capture memory via moonsol’s win32dd
  2. parse memory snapshot with mandiant’s memoryze
  3. analyze results via audit viewer
  4. or analyze using the volatility framework — neatly packaged in SAN’S Sift Workstation

One thought on “win32 memory capture & analysis cheat sheet”

  1. It’s best to get all the information about insurance
    companies, get multiple quotes from different companies and also be updated about latest insurance
    news before going to any insurance agent. It is very compact to carry and
    easy to operate as well. With this mobile phone you will
    be able to program it to recognize your own handwriting alone.

    You really make it seem so easy with your presentation but I find this topic to
    be really something which I think I would never understand.
    It seems too complex and very broad for me.
    I’m looking forward for your next post, I will try to
    get the hang of it!

    Here is my web site :: page

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s