Dailydave mailing list archives
hardware based RAM acquisition for forensics?
From: Joanna Rutkowska <joanna () invisiblethings org>
Date: Sun, 05 Nov 2006 14:03:26 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Guys, Can anybody point out some products which could be used for hardware based RAM acquisitions for forensics on x86/x64 architecture? I'm already aware of how to use firewire for this (as presented by Maximillian Dornseif and Adam Boileau) and I know that there are some prototype PCI cards for this, like e.g. Tribble: http://www.digital-evidence.org/papers/tribble-preprint.pdf What I'm looking for is are there any commercial products which could be used in a *real life* forensic analysis out there? You known, something which would be compatible e.g. with NIST's CFTT requirements, so that it would be legal to use it against e.g. Very-Important-Mission-Critical-Servers? I'm not really interested in any software based solutions, like e.g. dd ;) Thanks for any links! joanna. -----BEGIN PGP SIGNATURE----- iD8DBQFFTeEdORdkotfEW84RAmtMAJ9IO7Sb3ZW0JVoCQAG4iyKUnipWygCgnznl J86qcr9KYMmVQ9dywGHTAQM= =9YbA -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- hardware based RAM acquisition for forensics? Joanna Rutkowska (Nov 05)