Does anyone know of a tool or script to parse an image of physical memory from a Vista PC?
Volatility is a fantastic framework; however, it only supports XP images. When I try to run it against a Vista memory image, it can't recognize it.
I've found and used Andreas Schuster's PTfinder, which works, but it doesn't provide nearly as much capability as some of the other tools available for XP images.
Have you tried Mandiant's tool?
I am assuming that you are trying to capture volatile memory. In the past, I have used Mandiant's mdd.exe, and now there is a newer tool, Matthieu Suiche's win32dd.exe, which looks pretty good. I haven't used it yet, though.
I am assuming that you are trying to capture volatile memory.
Mdd.exe is from ManTech, not Mandiant.
In the past, I have used Mandiant's mdd.exe, and now there is a newer tool, Matthieu Suiche's win32dd.exe, which looks pretty good. I haven't used it yet, though.
I'm not sure what your response has to do with the original question:
"Does anyone know of a tool or script to parse an image of physical memory from a Vista PC?"
It would appear that the OP already has the contents of physical memory, and is looking for a means of extracting data from it. I would suggest looking at Memoryze, from Mandiant.
I suppose that the OP is looking for free tools. Both Volatile Systems (https://
Harlan
It seems that the tool still doesn't support Vista memory images. Any other good tool for Vista memory image analysis?
I think X-Ways Forensics v15.2 is another very good tool for Vista memory image analysis.
I hope to look at HBGary's Responder product again soon…but am I to understand that Memoryze doesn't work with Vista memory dumps?
v15.2 is still in beta.
No Vista support yet for Memoryze.