win32 memory capture & analysis cheat sheet

A high-level overview of how to perform a live memory capture and analyse it:

  1. capture memory via MoonSols' win32dd
  2. parse the memory snapshot with Mandiant's Memoryze
  3. analyze the results via Audit Viewer
  4. or analyze using the Volatility framework, neatly packaged in the SANS SIFT Workstation
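An added example for step 4, not from the original post: once Volatility has produced a `pslist` (walks the active process list) and a `psscan` (pool-tag scan of physical memory) listing from the same image, a cross-view comparison flags processes that only the scanner found, which is worth a closer look because an unlinked process is a classic rootkit hiding technique. The listings below are constructed samples in a simplified whitespace-separated layout (offset, name, PID, PPID), not real Volatility output; the file names, the `WORK` directory and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not part of the original post or of Volatility itself).
# Cross-view check: processes present in a psscan listing but absent from
# the pslist listing of the same memory image.
set -eu

# Constructed sample listings (simplified: Offset Name PID PPID).
# In practice these would come from, e.g.:
#   volatility -f mem.raw --profile=<profile> pslist > pslist.txt
#   volatility -f mem.raw --profile=<profile> psscan > psscan.txt
PSLIST_SAMPLE='Offset(V)  Name          PID  PPID
---------- ------------- ---- ----
0x8472b020 System           4    0
0x853a1d40 smss.exe       252    4
0x84d7e3a0 csrss.exe      336  328
0x84d0f030 explorer.exe  1588 1544'

PSSCAN_SAMPLE='Offset(P)  Name          PID  PPID
---------- ------------- ---- ----
0x0472b020 System           4    0
0x053a1d40 smss.exe       252    4
0x04d7e3a0 csrss.exe      336  328
0x04d0f030 explorer.exe  1588 1544
0x05a9c8f0 svchost.exe   2104 1588'

# Print "PID NAME" for every data row of a listing; header and separator
# rows are skipped by requiring a purely numeric PID in column 3.
list_procs() {
  awk '$3 ~ /^[0-9]+$/ { print $3, $2 }' "$1"
}

# Number of processes in a listing (printed by awk to avoid wc padding).
count_procs() {
  list_procs "$1" | awk 'END { print NR }'
}

# Report "PID NAME" for processes found by psscan ($2) but not by pslist ($1).
# First pass records every PID from pslist; second pass prints psscan rows
# whose PID was never seen in the active process list.
hidden_procs() {
  awk 'NR == FNR { if ($3 ~ /^[0-9]+$/) seen[$3] = 1; next }
       $3 ~ /^[0-9]+$/ && !($3 in seen) { print $3, $2 }' "$1" "$2"
}

# Write the constructed samples to a scratch directory and run the check.
WORK=$(mktemp -d)
printf '%s\n' "$PSLIST_SAMPLE" > "$WORK/pslist.txt"
printf '%s\n' "$PSSCAN_SAMPLE" > "$WORK/psscan.txt"

echo "pslist processes: $(count_procs "$WORK/pslist.txt")"
echo "psscan processes: $(count_procs "$WORK/psscan.txt")"
echo "found by psscan only (review these):"
hidden_procs "$WORK/pslist.txt" "$WORK/psscan.txt"
```

A process that appears only in the scan is not proof of compromise: it may simply have exited after `pslist` was walked but before its `_EPROCESS` block was overwritten, so corroborate with the process's parent, start time and handles before drawing conclusions.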

Posted in forensics, malware, microsoft, pentest, security.