
List:       security-basics
Subject:    RE: it security forensics and investigation including the pagefil
From:       Will Munkara-Kerr <WillM () cs ! nsw ! gov ! au>
Date:       2002-09-24 1:12:56

Trevor, 

Have a look at 

http://ntsecurity.nu/toolbox/pmdump/

"PMDump is a tool that lets you dump the memory contents of a process to a
file without stopping the process."

Good luck. 
.will. 

> -----Original Message-----
> From: Trevor Cushen [mailto:trevor@sysnet.ie]
> Sent: Thursday, 19 September 2002 7:37 PM
> To: securitybasics
> Subject: it security forensics and investigation including 
> the pagefile
> 
> 
> I am currently doing security work in the area of after-the-event
> forensics, to give it its full title.
> 
> I am using @stake TASK to run analysis against the unallocated space on
> the suspect disk but am lacking a utility to analyze the NT pagefile.
> 
> 
> I am looking for a utility (preferably freeware) that will allow me to
> analyze a Windows pagefile.  I have tools that allow me to boot the
> machine and remove the idle pagefile, but how can I go through the
> contents?  NTI Getfree software claims to do it but at a high cost.
> 
> I don't believe I can access a pagefile on a live machine, but please
> correct me if I am wrong.  I am using a Linux bootable CD with tools to
> mount the drive and ftp the pagefile to another machine or disk.
> 
> Trevor Cushen
> 
> 
> 
"This message is intended for the addressee named and may contain
confidential information. If you are not the intended recipient, please
destroy it and notify the sender. Views expressed in this message are those
of the individual sender, and are not necessarily the views of the Central
Sydney Area Health Service."
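For going through the copied pagefile (or a PMDump output file, which is likewise a raw memory image with no structure of its own), the first pass most investigators want is a string carve that understands UTF-16LE: much of what NT keeps in memory (paths, registry values, command lines, credentials) is stored that way, and a plain ASCII `strings` run misses it. The script below is an added example written for this page, not code from PMDump, @stake TASK or NTI GetFree. It assumes only the Python standard library; the SAMPLE buffer is constructed to stand in for a slice of a pagefile and is not real evidence.

```python
"""Carve printable ASCII and UTF-16LE strings, with file offsets, out of a
raw Windows pagefile (or a PMDump process-memory dump) and grep them for
keywords.  Added example for this thread; it is not code from PMDump,
@stake TASK or NTI GetFree.  SAMPLE below is a constructed buffer that
stands in for a pagefile slice, not real evidence."""
import mmap
import re
import sys
from typing import List, Tuple

MIN_LEN = 6  # shortest run worth listing; raise it to cut noise on big files

# A run of printable ASCII (tab, space..tilde).  Windows also stores many
# strings as UTF-16LE, where each printable byte is followed by a NUL; a
# plain ASCII scan misses those entirely, so scan for both encodings.
_ASCII_RE = re.compile(rb"[\x09\x20-\x7e]{%d,}" % MIN_LEN)
_UTF16_RE = re.compile(rb"(?:[\x09\x20-\x7e]\x00){%d,}" % MIN_LEN)

Hit = Tuple[int, str, str]  # (byte offset, encoding, decoded text)


def carve_strings(data) -> List[Hit]:
    """Return every ASCII / UTF-16LE run in `data` (bytes, bytearray or an
    mmap), sorted by offset so the listing reads like a walk of the file."""
    hits: List[Hit] = []
    for m in _ASCII_RE.finditer(data):
        hits.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in _UTF16_RE.finditer(data):
        hits.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    hits.sort(key=lambda h: h[0])
    return hits


def search(data, keywords: List[str]) -> List[Hit]:
    """Case-insensitive keyword filter over the carved strings, so a
    password, account name or path can be located by offset."""
    wanted = [k.lower() for k in keywords]
    return [h for h in carve_strings(data)
            if any(k in h[2].lower() for k in wanted)]


def format_hit(hit: Hit) -> str:
    """One listing line: hex offset, encoding, text."""
    off, enc, text = hit
    return "0x%08x  %-8s  %s" % (off, enc, text)


def carve_file(path: str, keywords: List[str] = None) -> List[Hit]:
    """Scan a whole file without reading it into memory; a pagefile is
    often hundreds of MB and the regexes work directly on an mmap."""
    with open(path, "rb") as f:
        with mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mm:
            return search(mm, keywords) if keywords else carve_strings(mm)


# Constructed sample: 16 bytes of zero page, an ASCII command line, a few
# junk bytes, a UTF-16LE path, then padding and a run too short to report.
SAMPLE = (
    b"\x00" * 16
    + b"cmd.exe /c net user backdoor P@ssw0rd /add"
    + b"\x00\x17\x88\x00"
    + "C:\\Temp\\loot.zip".encode("utf-16le")
    + b"\x00" * 8
    + b"abc"
    + b"\xff" * 5
)

if __name__ == "__main__":
    # usage: carve.py <pagefile-or-dump> [keyword ...]
    if len(sys.argv) > 1:
        results = carve_file(sys.argv[1], sys.argv[2:])
    else:
        results = carve_strings(SAMPLE)
    for h in results:
        print(format_hit(h))
```

Two caveats when reading the listing. The offsets are positions in the file, not addresses in any process; a pagefile holds stale 4 KiB pages from every process that ever paged out, so a hit tells you that something was in memory at some point, not which process owned it or when. And if PMDump is used on the live box, write its output to removable media or across the network rather than onto the suspect's own disk, since a dump file written there lands on the very unallocated space TASK is still being run against. Short runs at MIN_LEN of 6 carry a lot of noise; raising it, or searching by keyword from the start, is the usual trade-off. Note that mmap refuses a zero-length file, so an empty copy fails loudly rather than returning nothing.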