Re: Dumping RAM contents on Win NT / 2000

From: Dominique Brezinski (domat_private)
Date: Mon Nov 11 2002 - 13:25:31 PST

Next message: Jason Giglio: "Re: 2 data recovery questions"

Previous message: Philip Bartholomew: "RE: Dumping RAM contents on Win NT / 2000"
In reply to: John Smith: "Dumping RAM contents on Win NT / 2000"
Next in thread: George M. Garner Jr.: "RE: Dumping RAM contents on Win NT / 2000"
Reply: George M. Garner Jr.: "RE: Dumping RAM contents on Win NT / 2000"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

You can write a simple C program that opens the file \\.\PhysicalMemory and
uses the C runtime read() call to read the contents, or you can download a
modified dd that can do it from http://users.erols.com/gmgarner/forensics

Dom
----- Original Message -----
From: "John Smith" <for3nsicsat_private>
To: <focus-msat_private>
Cc: <forensicsat_private>
Sent: Sunday, November 10, 2002 2:40 PM
Subject: Dumping RAM contents on Win NT / 2000


> Hi all,
>
> I'm conducting some test forensics work on both
> Windows NT and 2000 and found myself wanting to "dump"
> the contents of memory for volatile data investiation.
<snip>


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Jason Giglio: "Re: 2 data recovery questions"
Previous message: Philip Bartholomew: "RE: Dumping RAM contents on Win NT / 2000"
In reply to: John Smith: "Dumping RAM contents on Win NT / 2000"
Next in thread: George M. Garner Jr.: "RE: Dumping RAM contents on Win NT / 2000"
Reply: George M. Garner Jr.: "RE: Dumping RAM contents on Win NT / 2000"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Nov 12 2002 - 07:54:21 PST