Security Basics: RE: Memory dump

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Basics mailing list archives

RE: Memory dump

From: "Robertson, Seth (JSC-IM)" <Seth.Robertson-1 () nasa gov>
Date: Mon, 4 Dec 2006 09:39:45 -0600

You can try George Garner's dd in his Forensic Acquisition Utilities
collection (http://users.erols.com/gmgarner/forensics). 

Then run a command like:

dd.exe if=\\.\physicalmemory of=x:\memory_dump.dd bs=4096

HOWEVER, this utility doesn't seem to work in Windows 2003...

Seth Robertson 



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Florencio Cano
Sent: Thursday, November 30, 2006 7:57 AM
To: security-basics () securityfocus com
Subject: Re: Memory dump

Have you tried to read /dev/mem and /dev/kmem?

29 Nov 2006 06:27:22 -0000, divinepresence () gmail com
<divinepresence () gmail com>:

I wish to know how I can make a memory dump (to my HDD) to analyze the

memory contents. I tried googling but couldn't find anything.

By Date By Thread

Current thread:

Re: Memory dump, (continued)
- Re: Memory dump Jon Wallace (Dec 01)
  - RE: Memory dump dave kleiman (Dec 04)
- Re: Memory dump Dathan Bennett (Dec 01)
- RE: Memory dump Murad Talukdar (Dec 01)
- Re: Memory dump Florencio Cano (Dec 01)
  - RE: Memory dump Robertson, Seth (JSC-IM) (Dec 04)
    - Re: Memory dump Hylton Conacher(ZR1HPC) (Dec 07)
- Re: Memory dump Alexander Krizhanovsky (Dec 01)