Memory acquisition and the pagefile(s)

Written by Jamie Butler

In the past, I have discussed how in reality there may be as many as 16 pagefiles on a single host. The next question is, “How much data could be contained in all these pagefiles”? Why does this matter? Well, the more data in the pagefiles, the longer they will take to acquire. Read the rest

Tags: memory acquisition, pagefiles, swap files, Training

Live analysis and its footprint

Written by Jamie Butler

Recently there was a conversation on Harlan’s Windows Incident Response blog which mentioned the footprint of Memoryze and other tools. Every tool has positives and negatives depending on the use case.

 

First, the blog entry mainly mentions the footprint on disk, which is larger than other acquisition tools because Memoryze does both acquisition and analysis in the same package. Read the rest

Tags: live analysis, live response, Matthieu Suiche, memory acquisition, Memory analysis, Memoryze, Windows Incident Response

Channels

Recent Posts

• Education and Information Sharing Top Priority at 2012 DoD Cyber Crime Conference
• Executive Breakfast Briefing with Former DHS Secretary Michael Chertoff
• Vulnerability and Exploit Terminology Webinar
• Creating an IOC to Spot the Duqu Family
• Using Redline & OpenIOC to Build Effective Indicators

Follow us on Twitter

• Mandiant: RT @cbentle2: @OpenIOC Updated #IOC posted https://t.co/Y2PGTuqE #dfir
• Mandiant: M's Michael Sikorski wrote a book, "Practical Malware Analysis" & will be hosting a webinar to discuss it! 2/29 2PM ET http://t.co/fd7Bf8Vj
• Mandiant: @_saadk Thanks for the #FF!

MANDIANT News

• Gartner Security and Risk Management Summit 2012
• CEIC Conference 2012
• New York Executive Briefing: Combating Advanced Targeted Cyber Attacks
• RSA Conference 2012