Hi!
On Sun, Jul 27, 2008 at 1:07 AM, Eduardo Júnior <ihtraum18@xxxxxxxxx> wrote:
> Hi,
> How can I analyze a dump of memory?

Simple... treat it like you analyze the content of physical RAM, e.g.
you know the address of a process physically, then use hexdump to read
the related offset inside the dumped /dev/mem.

> I got this dump by running the following command:
> # dd if=/dev/mem of=/root/memory.dump
> # file memory.dump
> memory.dump: data
> I can only use the strings command together with grep.
> Is there any other kind of analysis?

Lots of them... google for "computer forensic". Phrack has some very
interesting articles about it... check them out too. I remember a
guy... Michal Zalewski IIRC. He writes some memory forensic tools,
might be interesting for you too.
regards,
Mulyadi.
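
Added example, not part of the original messages: the "find it, then read the related offset" approach from the reply above as a small shell script. The function names and the sample image are constructed for illustration, and GNU grep is assumed for `-b -o`.

```shell
#!/bin/sh
# Locate a string in a raw memory image, then hexdump the bytes around each hit.
# All function names here are hypothetical helpers, not an existing tool.

# Print the decimal byte offset of every occurrence of a fixed string.
find_offsets() {   # usage: find_offsets IMAGE STRING
    # -a: treat binary as text, -b -o: offset of the match itself (GNU grep)
    LC_ALL=C grep -a -b -o -F -- "$2" "$1" | cut -d: -f1
}

# Dump LEN bytes starting at OFFSET; falls back to od if hexdump is missing.
dump_at() {        # usage: dump_at IMAGE OFFSET LEN
    if command -v hexdump >/dev/null 2>&1; then
        hexdump -C -s "$2" -n "$3" "$1"
    else
        od -A x -t x1 -j "$2" -N "$3" "$1"
    fi
}

# For every hit, dump CONTEXT bytes before and after the matched string.
dump_hits() {      # usage: dump_hits IMAGE STRING [CONTEXT]
    ctx=${3:-32}
    for off in $(find_offsets "$1" "$2"); do
        start=$(( off > ctx ? off - ctx : 0 ))
        printf '== hit at offset %d (0x%x)\n' "$off" "$off"
        dump_at "$1" "$start" $(( off - start + ${#2} + ctx ))
    done
}

# Constructed sample image: zero padding around two NUL-terminated
# environment blocks, standing in for a real /dev/mem dump.
make_sample() {    # usage: make_sample OUTFILE
    {
        head -c 4096 /dev/zero
        printf 'USER=alice\000HOME=/home/alice\000'
        head -c 1000 /dev/zero
        printf 'USER=bob\000'
        head -c 64 /dev/zero
    } > "$1"
}

# Demo on the constructed image; point dump_hits at memory.dump for real use.
img=$(mktemp)
make_sample "$img"
dump_hits "$img" 'USER=' 16
rm -f "$img"
```

On a multi-gigabyte image, long runs without newline bytes make grep buffer very large lines; `strings -t d memory.dump | grep PATTERN` prints the offset of each containing string with bounded memory, and `dump_at` can then be used on those offsets.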

Here are some forensics live CDs that might help:
http://www.livecdlist.com/?pick=All&showonly=Forensics&sort=&sm=1
I think PHLAK Linux might have some tools as well.