Security Basics mailing list archives
RE: Memory dump
From: "Robertson, Seth (JSC-IM)" <Seth.Robertson-1 () nasa gov>
Date: Mon, 4 Dec 2006 09:39:45 -0600
You can try George Garner's dd in his Forensic Acquisition Utilities collection (http://users.erols.com/gmgarner/forensics). Then run a command like: dd.exe if=\\.\physicalmemory of=x:\memory_dump.dd bs=4096 HOWEVER, this utility doesn't seem to work in Windows 2003... Seth Robertson -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Florencio Cano Sent: Thursday, November 30, 2006 7:57 AM To: security-basics () securityfocus com Subject: Re: Memory dump Have you tried to read /dev/mem and /dev/kmem? 29 Nov 2006 06:27:22 -0000, divinepresence () gmail com <divinepresence () gmail com>:
I wish to know how I can make a memory dump (to my HDD) to analyze the
memory contents. I tried googling but couldn't find anything.
Current thread:
- RE: Memory dump, (continued)
- RE: Memory dump Chris Chandler (Dec 01)
- RE: Memory dump Don Parker (Dec 04)
- Re: Memory dump Alcides (Dec 01)
- Re: Memory dump Jens Hoffmann (Dec 01)
- RE: Memory dump Phillip Oliven (Dec 01)
- Re: Memory dump Jon Wallace (Dec 01)
- RE: Memory dump dave kleiman (Dec 04)
- Re: Memory dump Dathan Bennett (Dec 01)
- RE: Memory dump Murad Talukdar (Dec 01)
- Re: Memory dump Florencio Cano (Dec 01)
- RE: Memory dump Robertson, Seth (JSC-IM) (Dec 04)
- Re: Memory dump Hylton Conacher(ZR1HPC) (Dec 07)
- RE: Memory dump Robertson, Seth (JSC-IM) (Dec 04)
- Re: Memory dump Alexander Krizhanovsky (Dec 01)
- RE: Memory dump Chris Chandler (Dec 01)