We have prioritized 64-bit over Vista since more of our enterprise customers have 64-bit. Both will be made available in Memoryze as the development is completed.
Thanks,
Jamie Butler
v15.2 is still in beta state.
(That doesn't mean that it cannot be used.)
Anyway, v15.2 has been released now. The new memory analysis supports the 32-bit versions of Windows 2000, Windows XP, Windows 2003 Server, Windows Vista, and Windows 2008 Server. The analysis is available for local RAM (opened via Tools | Open RAM) and for memory dumps. Memory on remote computers can also be acquired, in conjunction with F-Response (Tools | Open Disk).
Processes will be listed in the directory browser, with their timestamps and process IDs, and their own respective memory address spaces can be individually viewed in "Process" mode, with pages concatenated in the correct logical order as seen by each process. The "particularly thorough data structure search" will take a little longer and may turn up traces of additional terminated processes and rootkits.
The technical details report informs you of important system-wide parameters as well as of the current addresses of kernel data structures. In Details mode you can find the addresses of process-related data structures for each process, and the ID of its parent process. In RAM mode, the Details Panel shows for each memory page a process to which it is allocated (if any) and its memory management status.
With the appropriate background knowledge, the new functionality can be used to learn more about the current state of the machine and its processes, sockets, open files, loaded drivers, and attached media, to identify malware, to find the decrypted version of otherwise encrypted data, to analyze network traces in incident response, and to do further research in the field of memory forensics.
Stefan Fleischmann
Stefan, I really hope your company didn't use too much open-source code for this new version, like you did with the Windows hibernation file support from the SandMan project.
Matthieu Suiche
We didn't use any open-source code.
Sure, you did. You even have GPL licence printed on your toilet paper.
Memoryze by Mandiant now supports Vista.
http//
Interesting website, looks like they have some great tools.
Anyone want to be awesome and hook me up with some command examples?
I look for them on "The Google" HA! and the website itself.
Just checking it out.
Thanks,
DF
My favorite example
memoryze.exe -h
The user guide .pdf may have some actual usage examples, but I admit I haven't looked yet.
Anyone want to be awesome and hook me up with some command examples?
I'm already awesome, and I don't have to hook you up with stuff that's already available. Zing! lol
Interesting website, looks like they have some great tools.
Anyone want to be awesome and hook me up with some command examples?
I look for them on "The Google" HA! and the website itself. Just checking it out.
Thanks,
DF
We have written batch scripts to make it really simple. Or you can read these posts:
http//
http//
http//
And yes, of course, the MemoryzeUserGuide.pdf. Always start with things called *UserGuide*.
Sincerely,
Jamie Butler