Antwort: Dumping RAM contents on Win NT / 2000

Hi,

try these:

http://ntsecurity.nu/toolbox/pmdump/

http://faculty.ncwc.edu/toconnor/495/495lect06.htm

That will help you out...

Regards,

Oliver Biermann

-- 

***********************************************

Oliver Biermann  -  MIT Security 
Mobilcom Corporate IT - Büdelsdorf 
Tel: +49 4331 4472124 - Fax: -2200

***********************************************

Fingerprint: FC19 7F6D 4405 EF4F AE25 96CD 8DAB B7D6 F3B6 9F01






John Smith 
10.11.02 23:40

 
        An:     focus-ms@securityfocus.com
        Kopie:  forensics@securityfocus.com
        Thema:  Dumping RAM contents on Win NT / 2000
Hi all,

I'm conducting some test forensics work on both
Windows NT and 2000 and found myself wanting to "dump"
the contents of memory for volatile data investiation.
Unfortunately I can not find any relevant information
on tools/howto's on this subject, accept setting a
Registry key which requires and initial reboot to take
affect. (which will be useless because after the
reboot the volatile data would be lost). And yes, the
fact that the Reg Key wasn't set is an obvious one as
well :)

Any ideas on how this could be achieved WITHOUT
setting the particular Registry setting.

Thanks in advance.
http://careers.yahoo.com.au - Yahoo! Careers
- 1,000's of jobs waiting online for you!

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com





-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com