Looking for a program to sort ram threads/processes etc..

General (Technical, Procedural, Software, Hardware etc.)

Last Post by jeffcaplan 17 years ago

3 Posts

3 Users

0 Reactions

617 Views

RSS

Dr.Zoidberg

(@dr-zoidberg)

Active Member

Joined: 17 years ago

Posts: 11

Topic starter 18/12/2008 3:23 am

Hello,

I have been using winen to image memory on my pc. I was wondering if there are any programs which can retrieve thread, processes and object headers in a clearer format? Maybe not retrieve data from memory itself but from the encase image.

Thanks.8)

Quote

BitHead

(@bithead)

Noble Member

Joined: 20 years ago

Posts: 1206

18/12/2008 3:53 am

Check out Volatility Framework.

ReplyQuote

jeffcaplan

(@jeffcaplan)

Trusted Member

Joined: 21 years ago

Posts: 97

18/12/2008 6:49 am

To my knowledge, Volatility doesn't support EnCase image file formats, only raw ones. If you've used WinEn to capture memory, you'll need to run it through FTK Imager and convert it to a raw style image and then you can use some of the open-source tools out there to analyze memory.

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
185 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed