Hello everyone,
I have a WinEn dump of a target and I am looking for some way to convert the captured memory into a .DMP file so I can take a look at it with my debugging toolset.
I know about Volatility, but I would like to be able to follow the data structures I am familiar with when processing DMP files.
Any pointers would be most appreciated and, for information, this is a machine suspected, by the client, of having malware installed. I have run three separate AV scanners against the memory file; none of them indicated any infections, in case you were wondering.
Many thanks
Alan
I'm assuming you have EnCase as you are using WinEn?
If you open the image in EnCase, you can then Copy/Unerase the raw data into a file that you can use with Volatility.
Hope this helps.