Forensic memory dumping intricacies - PhysicalMemory, DD, and caching issues

Summary:

Memory dumping tools that use the PhysicalMemory device in Windows XP can be blocked by allocating memory buffers with special memory types. In older versions of Windows the tools instead could possibly cause cache incoherence with some processor types, or other adverse side effects. The problem can also occur on a system that has not been manipulated at all by any attacker. One *example* of an affected tool is DD from the Forensic Acquisition Utilities.

Full text:

http://ntsecurity.nu/onmymind/2006/2006-06-01.html

Regards /Arne Vidstrom

http://ntsecurity.nu
http://vidstrom.net
