Sunday, October 11, 2009

Live Forensics just got a little easier....

Matthieu Suiche has released the latest version of his imaging tool "win32dd" (v1.3 final). Up until now I've been using FastDump Pro and Winen as my imaging tools, largely because of their robustness and wide range of support: many OS versions, >4GB of RAM, and both 32- and 64-bit platforms. With the release of Matthieu's latest tools (which I see have been in beta testing), you can be assured that this tool will also be making it onto my list of memory acquisition tools. All this, plus MD5, SHA1 and SHA256 support.

What I find intriguing about this new release is that you have the option of generating a "blue screen" or sending the system into hibernation.

Matthieu has a great slide presentation titled "Challenges of Windows physical memory acquisition and exploitation", which he gave at Shakacon 2009.

With the enhanced capabilities of these tools, I'm interested in finding ways to speed up acquisition to USB drives. Any comments? (i.e., thumb drives with fast I/O, an external USB 2.5" drive, an SSD, or an SD card with a 30MB/s transfer speed?) With larger and larger acquisitions, the time at scene is becoming an issue.
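Two practical points from this post, the hash support mentioned above and the question of acquisition speed to USB media, can be checked with the same small script. The example below is added here and is not part of win32dd or of this post: it reads a saved image once, computes MD5, SHA1 and SHA256 in that single pass (so a multi-GB image is not read three times), reports the read throughput it observed, and verifies the digests against a sidecar file of `algo  hexdigest` lines. That sidecar layout is an assumption of this example, not win32dd's own output format; the point is that the digests recorded at scene are re-checked on the analysis box, and the MB/s figure gives a quick read-side comparison between thumb drive, external 2.5" drive, SSD or SD card.

```python
"""Single-pass MD5/SHA1/SHA256 of a memory image, with throughput measurement.

Added example (not win32dd's code). Usage:
    python hash_image.py <image>             # print digests + MB/s
    python hash_image.py <image> <sidecar>   # also verify against sidecar
"""
import hashlib
import io
import sys
import time

CHUNK = 4 * 1024 * 1024            # 4 MiB reads keep memory flat on large images
ALGORITHMS = ("md5", "sha1", "sha256")


def hash_stream(fobj, chunk_size=CHUNK):
    """Feed every chunk to all three hashers; return digests and timing."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    total = 0
    start = time.perf_counter()
    while True:
        chunk = fobj.read(chunk_size)
        if not chunk:
            break
        total += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    elapsed = time.perf_counter() - start
    mb = total / (1024 * 1024)
    result = {"bytes": total, "seconds": elapsed,
              "mb_per_s": (mb / elapsed) if elapsed > 0 else 0.0}
    result.update({name: h.hexdigest() for name, h in hashers.items()})
    return result


def hash_bytes(data, chunk_size=CHUNK):
    """Convenience wrapper for in-memory data (used for self-checks)."""
    return hash_stream(io.BytesIO(data), chunk_size)


def hash_file(path, chunk_size=CHUNK):
    with open(path, "rb") as f:
        return hash_stream(f, chunk_size)


def write_sidecar(result):
    """Assumed sidecar layout: one 'algo  hexdigest' line per algorithm."""
    return "\n".join(f"{a}  {result[a]}" for a in ALGORITHMS) + "\n"


def parse_sidecar(text):
    """Parse the layout above; blank lines and '#' comments are ignored."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        algo, digest = line.split(None, 1)
        expected[algo.lower()] = digest.strip().lower()
    return expected


def verify(result, expected):
    """Return the sorted list of algorithms whose recorded digest differs."""
    return sorted(a for a, d in expected.items() if result.get(a) != d)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit(__doc__)
    res = hash_file(sys.argv[1])
    for a in ALGORITHMS:
        print(f"{a:7s} {res[a]}")
    print(f"{res['bytes']} bytes in {res['seconds']:.1f}s "
          f"({res['mb_per_s']:.1f} MB/s read)")
    if len(sys.argv) > 2:
        with open(sys.argv[2]) as f:
            bad = verify(res, parse_sidecar(f.read()))
        print("verification:", "OK" if not bad else f"MISMATCH {bad}")
        sys.exit(1 if bad else 0)
```

The throughput figure is for reading the image back, not for the original dump; to compare media for acquisition itself you would time the capture to each device, but the read-side number at least shows whether a given card or drive is anywhere near the speed its label claims.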
