Hello everyone, I checked out Volatility and Memoryze, but they don't look like they support the analysis of a memory dump from Windows Server 2008.
Are there tools (possibly open) that can handle this task?
At least for process and connection listing?
See http//
The PTFinder version modified by Csaba Barta supports Windows Server 2008 SP1
http//
See http://www.gmgsystemsinc.com/knttools/supported_os.html. It is not open source though.
The link is not working, and if I point to the domain only I get a white page with nothing in it.
@neofito thanks, I'll check this out.. hope it works on R2 and 64-bit too :)
I'll give it a try
> the link is not working <
Sorry. The link includes a spurious period at the end for some reason. Remove the punctuation and it will work. Here, I will try again:
http//
Well, KnTTools look interesting, but a bit expensive for non-LE, and especially for students like me who don't have an income from forensic analysis.
I was looking for something free to use for my practice and exercises, but if I have to pay for software I would definitely go for X-Ways, which looks to be a good suite at a reasonable price.
EDIT: btw, the Volatility framework is no longer in development?
I've seen someone forked that project to create a couple of EnCase scripts to analyze memory.
These scripts are compatible with both Windows 7 and Server 2k8; nothing standalone in the old Python way?