Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Forensic memory dumping intricacies - PhysicalMemory, DD, and caching issues
From: Arne Vidstrom <arne.vidstrom () ntsecurity nu>
Date: Thu, 01 Jun 2006 19:22:03 +0200
Summary:
Memory dumping tools that use the PhysicalMemory device in Windows XP can be blocked by allocating memory buffers with special memory types. In older versions of Windows the tools instead could possibly cause cache incoherence with some processor types, or other adverse side effects. The problem can also occur on a system that has not been manipulated at all by any attacker. One *example* of an affected tool is DD from the Forensic Acquisition Utilities. 

Full text:

http://ntsecurity.nu/onmymind/2006/2006-06-01.html

Regards /Arne Vidstrom

http://ntsecurity.nu
http://vidstrom.net

  By Date           By Thread  

Current thread:
  • Forensic memory dumping intricacies - PhysicalMemory, DD, and caching issues Arne Vidstrom (Jun 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]