ManTech Memory DD Version 1.3 for Forensic Analysis of Memory Now Available

ManTech International Corporation announced the release of ManTech Memory DD(TM) 1.3, a physical memory acquisition tool for imaging Windows based computers. ManTech Memory DD captures a record of physical or random access memory which is lost when a computer is shutdown…Available for government and other private uses, ManTech Memory DD is capable of acquiring memory images from the following Microsoft(R) products: Windows(R) 2000, Windows Server 2003, Windows XP(R), Windows Vista(R), and Windows Server 2008. All of these operating systems are supported in both their 32-bit and 64-bit versions.

ManTech Memory DD 1.3 acquires a forensic image of physical memory and stores it as a raw binary file. To help verify data integrity and aid in the preservation of the evidence, the information captured by ManTech Memory DD is checked by the Message-Digest algorithm 5 (MD5), the common Internet standard used in security applications. The binary file can then be analyzed using external tools to identify items of interest to the examiner.

There have been numerous, well-documented computer exploits that never leave evidence on a computer’s persistent storage devices, such as hard drives. These exploits reside solely in the physical memory of the machine. When the machine is powered off, the evidence of the exploit vanishes. In some cases, evidence of online communication (such as chat sessions) resides in memory even after the communication has terminated. Encryption keys for disk encryption utilities can often be recovered from physical memory as well. The ability to image physical memory allows the forensic examiner to recover valuable information that would otherwise be lost forever. With ManTech Memory DD it is now easy for the Department of Defense, Intelligence Community, law enforcement, and commercial organizations to acquire and preserve physical memory images.

ManTech’s Deep Expertise in Computer Forensics and Intrusion Analysis

ManTech’s Memory DD is currently used by government agencies and its own computer forensics and intrusion analysis professionals, which are a center of excellence that the U.S. government and the Intelligence Community rely on to solve their most difficult computer forensics and information security challenges. ManTech supports over twenty sensitive clients in the national security and Intelligence Communities, as well as federal and state agencies and Fortune 500 corporations.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


ManTech Memory DD is available to government agencies, commercial organizations, and individuals that use the product for their commercial and private endeavors. The technology can also be licensed for inclusion into commercial tools. For additional information on obtaining ManTech Memory DD go to: www.mantech.com/msma/mdd

ManTech’s National Security Software Tools

ManTech’s Memory DD is part of a suite of tools ManTech provides to it’s Department of Defense, Intelligence Community and Homeland Security customers to support their most challenging cyber security problems.

ManTech’s Sentris is a security labeling and access control platform for Microsoft(R) Windows(R)-based environments that facilitates trusted information sharing and data access using specialized identity management and authorization algorithms. Sentris solves the need to provide assurances for information access, email validation, and data protection. ManTech’s Document Detective(TM) 3.0 is a leading electronic document security tool that identifies and removes more than 100 types of hidden and meta data in Object Linking and Embedding files, Portable Document Format files, Hypertext Markup Language, Extensible Markup Language, and Microsoft PowerPoint, Excel and Word(R) documents.

Leave a Comment