Is there a good alternative to Volatility? It doesn't seem to work with Python 3, and I wasn't able to convert it successfully using 2to3.
Do we have a list of the open source programs available (and their use)?
If for some reason you cannot install Python 2.x, you may consider Mandiant's Memoryze/AuditViewer.
I would hesitate to call one an alternative to the other, because they don't necessarily have a one-to-one correspondence in capabilities. Like any other tool, each has its own uses and strengths.
This is not really an alternative or open source, but if you have EnCase the WinXPRamAnalysis enscript will list a memory dump's running processes, PID, PPID, executable names, and process start time.
On the other hand if you have FTK 3, the "Volatile" tab will allow you to see all the process related information as well as the open ports.
You can also do any of the usual searching for IP addresses, credit card numbers, etc. with both tools.
If you want to look at things like Internet activity in a memory dump, you should try NetAnalysis. You can run the demo version for free to get a taste of what it can carve out.
JadSoftware's Internet Evidence Finder (IEF) is inexpensive ($50) and also works nicely on memory dumps.
Strings (free) will also carve out text strings from the memory dump that you can search through.
Anyway, just a few thoughts…
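As an added example (not from the thread and not any of the tools named above): a small Python 3 script that does what `strings` does on a raw memory image, carving printable ASCII and UTF-16LE runs with their byte offsets, and then grepping the carved strings for IPv4 addresses, the kind of search mentioned above. The memory image is constructed inline and is not a real capture; the filler bytes, the sample strings and the minimum run length of 4 are assumptions made for the example.

```python
"""Strings-style carving of a raw memory image in Python 3 (added example)."""
import mmap
import re
import sys
from typing import List, Tuple

MIN_LEN = 4  # assumed default minimum run length, same as GNU/Sysinternals strings

# IPv4 candidate: four dotted decimal groups not glued to other digits.
_IPV4_RE = re.compile(r"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)")


def carve_strings(image, min_len: int = MIN_LEN) -> List[Tuple[int, str, str]]:
    """Return (byte_offset, encoding, text) for every printable run.

    ASCII runs are bytes 0x20..0x7e; UTF-16LE runs are the same characters
    each followed by a NUL, which is how Windows keeps paths, command lines
    and registry data in memory.  `image` may be bytes or an mmap.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(image)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in utf16_re.finditer(image)]
    found.sort(key=lambda t: t[0])
    return found


def _valid_ipv4(candidate: str) -> bool:
    return all(int(octet) <= 255 for octet in candidate.split("."))


def find_ipv4(strings) -> List[Tuple[int, str]]:
    """Grep carved strings for IPv4 addresses; returns (byte_offset, address).

    Dotted-quad syntax alone also matches version numbers like 999.1.1.1,
    so each octet is range-checked before the hit is reported.
    """
    hits = []
    for offset, encoding, text in strings:
        width = 2 if encoding == "utf-16le" else 1  # bytes per character
        for m in _IPV4_RE.finditer(text):
            if _valid_ipv4(m.group()):
                hits.append((offset + width * m.start(), m.group()))
    return hits


_FILLER = b"\x00\xff\x01\xfe" * 8  # 32 bytes containing no printable ASCII


def build_sample_image() -> bytes:
    """Constructed stand-in for a RAM dump; not a real capture."""
    return b"".join([
        _FILLER,
        b"cmd.exe /c whoami",                              # ASCII command line
        _FILLER,
        b"ab",                                             # below MIN_LEN, dropped
        _FILLER,
        "C:\\Windows\\System32\\notepad.exe".encode("utf-16-le"),
        _FILLER,
        b"connect 10.0.0.5:4444",                          # ASCII with an address
        _FILLER,
        "http://192.168.1.20/update".encode("utf-16-le"),  # wide string with an address
        _FILLER,
        b"build 999.1.1.1",                                # dotted quad that is not an IP
        _FILLER,
    ])


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Carve a real dump without reading the whole file into memory.
        with open(sys.argv[1], "rb") as fh, \
                mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as mm:
            carved = carve_strings(mm)
    else:
        carved = carve_strings(build_sample_image())
    for offset, encoding, text in carved:
        print(f"0x{offset:08x} {encoding:8s} {text}")
    for offset, address in find_ipv4(carved):
        print(f"IPv4 at 0x{offset:08x}: {address}")
```

Run it with a dump path as the only argument to carve a real image via mmap, or with no arguments to see the constructed sample. The byte offsets are what you would then feed to a hex viewer to look at the surrounding structure; the UTF-16LE pass is the part plain `strings` misses unless you remember to ask for it, and it is where most Windows paths and command lines live.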
I use Windows as my main OS, but use VirtualBox to run *nix programs all the time. You might want to check out the
I'll give those a try. The biggest challenge I'm experiencing at the moment is finding tools that I like and don't have a steep learning curve (for someone completely new to this sort of thing).
Thanks for all of the help!
> …and don't have a steep learning curve
I'm sure that, like most of us, you're going to find that it's a trade-off. Everything we do has a 'cost' associated with it, be it monetary (shelling out $$ for a commercial tool) or in time or other resources, learning to use something.
That's where community comes in, and why IR/DF needs to have more of a community.
Am I missing something? Why not just install python 2.6? I have 2.5 - 3.0 on my Windows box…