Hosting Provided By

Dumping RAM contents on Win NT / 2000

From: John Smith <for3nsics(at)yahoo.com.au>
Date: Sun Nov 10 2002 - 17:40:08 EST

Hi all,

I'm conducting some test forensics work on both Windows NT and 2000 and found myself wanting to "dump" the contents of memory for volatile data investiation. Unfortunately I can not find any relevant information on tools/howto's on this subject, accept setting a Registry key which requires and initial reboot to take affect. (which will be useless because after the reboot the volatile data would be lost). And yes, the fact that the Reg Key wasn't set is an obvious one as well :)

Any ideas on how this could be achieved WITHOUT setting the particular Registry setting.

Thanks in advance.

http://careers.yahoo.com.au - Yahoo! Careers - 1,000's of jobs waiting online for you!

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Mon Nov 11 13:28:30 2002

This message: [ Message body ]
Next message: M. Zeeshan Mustafa: "Re: 2 data recovery questions"
Previous message: Rod Hauser: "2 data recovery questions"
Next in thread: Knut Eckstein: "Re: Dumping RAM contents on Win NT / 2000"
Reply: Knut Eckstein: "Re: Dumping RAM contents on Win NT / 2000"
Reply: Dominique Brezinski: "Re: Dumping RAM contents on Win NT / 2000"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:41 EDT