Encase Enterprise Phyiscal Memory Capture

General (Technical, Procedural, Software, Hardware etc.)

Last Post by pisonic 15 years ago

3 Posts

2 Users

0 Reactions

621 Views

RSS

pisonic

(@pisonic)

Active Member

Joined: 16 years ago

Posts: 6

Topic starter 10/11/2010 9:31 am

hi,

would like to check for those using Encase Enterprise to do remote capture of the physical memory over the network, after the output, what kind of analysis tools do u use to analyse the E01 file?

Quote

joachimm

(@joachimm)

Estimable Member

Joined: 17 years ago

Posts: 181

10/11/2010 1:41 pm

hi,

would like to check for those using Encase Enterprise to do remote capture of the physical memory over the network, after the output, what kind of analysis tools do u use to analyse the E01 file?

I'm not sure if the Enterprise version is much different to the Forensic version in that regard, but you could try the following
* The Volatility Framework has embedded memory-E01 support.
* You could also dump the contents of the memory E01 to RAW, e.g. ewfexport, and select any tool you prefer.

ReplyQuote

pisonic

(@pisonic)

Active Member

Joined: 16 years ago

Posts: 6

Topic starter 10/11/2010 5:22 pm

thanks!

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
220 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed