Audit Viewer allows the incident responder or forensic analyst to quickly view complex XML output in an easily readable format. Using familiar grouping of data and search capabilities, Audit Viewer makes memory analysis quicker and more intuitive.

Check out these features:

• Process data can be viewed on a per process basis or in its entirety by double clicking the root node, “Processes”. For example, when you double click on “Processes” and then click on the Files tab, all the file handles open on the host are displayed from least frequently to most frequently occurring.
  
• Ability to search Files, Processes, Mutants, Events, Registry Keys, and Strings using plain text or regex.
  
• Ability to load multiple Memoryze result sets contained in the same directory.
  
• Handle types are separated out into more abstract types representing the logical type of the handle such as Files, Directories (part of the Object Manager’s namespace), Processes, Keys, Mutants, and Events.
  
• Memory sections with names are displayed under the DLLs tab.
  
• Layered drivers are displayed in a tree view. This is useful for finding certain types of keyboard sniffers, network sniffers, and file filtering drivers.
  
• Integrated with Memoryze to seamlessly acquire drivers and processes from live memory and images.
  
• Ability to scan all processes for “questionable” executable sections. These sections have the EXECUTE_READWRITE flag but no name.

Get the goods, Audit Viewer 1.0.0.7!  Want to learn how to harness this power? Check out Audit Viewer PDF.

Special thanks to Peter for spending his nights and weekends to make this available.