Re: Dumping RAM contents on Win NT / 2000

From: oliver.biermannat_private
Date: Mon Nov 11 2002 - 11:41:02 PST


    Hi,
    
    try these:
    
    http://ntsecurity.nu/toolbox/pmdump/
    
    http://faculty.ncwc.edu/toconnor/495/495lect06.htm
    
    That will help you out...
    
    Regards,
    
    Oliver Biermann
    
    
    
    -- 
    ***********************************************
    Oliver Biermann  -  MIT Security 
    Mobilcom Corporate IT - Büdelsdorf 
    Tel: +49 4331 4472124 - Fax: -2200
    ***********************************************
    Fingerprint: FC19 7F6D 4405 EF4F AE25 96CD 8DAB B7D6 F3B6 9F01
    
    
    
    
    
    
    John Smith <for3nsicsat_private>
    10.11.02 23:40
    
     
            To:      focus-msat_private
            Cc:      forensicsat_private
            Subject: Dumping RAM contents on Win NT / 2000
    
    
    Hi all,
    
    I'm conducting some test forensics work on both
    Windows NT and 2000 and found myself wanting to "dump"
    the contents of memory for volatile data investigation.
    Unfortunately I cannot find any relevant information
    on tools/howto's on this subject, except setting a
    Registry key which requires an initial reboot to take
    effect. (which will be useless because after the
    reboot the volatile data would be lost). And yes, the
    fact that the Reg Key wasn't set is an obvious one as
    well :)
    
    Any ideas on how this could be achieved WITHOUT
    setting the particular Registry setting?
    
    Thanks in advance.
    
    
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Tue Nov 12 2002 - 05:53:17 PST