Memory analysis, part 2

MF and process memory dumping on Windows, collecting those all-too-familiar details, page 156:

Searching the haystack


Using userdump



Process Memory Dumper (pd)

Linux memory analysis

Linux memory analysis, 2006 Blackhat presentations

Here are two good memory analysis presentations by Burdach from a 2006 Black Hat conference:

Linux memory analysis and DFRWS 2008

In August of 2008, the DFRWS 2008 Forensics Challenge was held in Baltimore.

Linux memory analysis, simple

Linux memory analysis, using TCT

One tool that has been historically useful, and is still maintained to some degree, is The Coroner's Toolkit (aka TCT).

Reading assignment