Matthieu states:
MoonSols is releasing his first product called "MoonSols Windows Memory Toolkit". MoonSols Windows Memory Toolkit is the most advanced toolkit for Windows physical memory snapshot management.Two versions are available - Community (free) and Professional (cost).
MoonSols Windows Memory Toolkit had been designed to deal with Microsoft Windows hibernation file (from Microsoft Windows XP to Microsoft Windows 7 in both 32-bits and 64-bits (x64) Editions), Microsoft full memory crashdump (in both 32-bits and 64-bits (x64) Editions), and raw memory dump files (from memory acquisition tools like win32dd or win64dd, or Virtualization application like VMWare). Moreover, MoonSols Windows Memory Toolkit also contains new version of win32dd and win64dd.
Matthieu's WinDD tool has been part of our lab's Incident Response toolset for almost 2 years now. I expect that testing of his toolset will be equally as effective as WinDD.
The continued R&D and commitment of persons like Matthieu (and several others) continue to move our profession forward - almost at a rate that is difficult to keep up with :)
Newinforensics: On the SANS Institute's forensics blog, I have published new methods for preserving and authenticating evidence in a cyber investigation. http://goo.gl/ramnu What is your opinion? --Ben
ReplyDeleteBejamin I need help with Bitlocker encryption key and password which I lost in a moving process. one of the hard disk partitions needs to be recovered. I have 17gb of Family pictures and video data.
Deletezahidameen@gmail.com