RE: Dumping RAM contents on Win NT / 2000

From: Philip Bartholomew <Philip.Bartholomew(at)cms.co.uk>
Date: Tue Nov 12 2002 - 09:12:46 EST

WINHEX at www.winhex.net is a great tool for viewing live memory etc.

Philip Bartholomew

Network administrator: CmsWebView plc U.K (+44) 207 7020202
mailto:Philip.Bartholomew@CMS.co.uk

"Roses are red, violets are blue if only all things where so simple and true"

-----Original Message-----
From: H C [mailto:keydet89@yahoo.com]
Sent: 12 November 2002 11:15
To: forensics@securityfocus.com
Cc: knut@acm.org; JHowie@securitytoolkit.com; for3nsics@yahoo.com.au Subject: Re: Dumping RAM contents on Win NT / 2000

> We, Security Toolkit, have a custom application that

> does 2) from the command line -

There's already a freeware "custom application that does 2)" available...pmdump, which can be found at

http://www.ntsecurity.nu.  I've used it in conjunction
w/ strings.exe to pull some interesting data from
processes...

HTH

---

Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos http://launch.yahoo.com/u2

---

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

---

This email has been scanned for all viruses by the MessageLabs SkyScan service. For more information on a proactive anti-virus service working around the clock, around the globe, visit http://www.messagelabs.com

---

---

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Tue Nov 12 09:15:56 2002