I just stumbled across Matthieu Suiche's new website and his Windows Memory Toolkit. The free version of that toolkit includes a utility to convert Windows RAM dumps from all current versions of 32-bit Windows to crash dump format for use with windbg/kd. Very cool! It is also very cool that 32-bit support is free!
Given the various problems each of the free and commercial vendors is having in the Windows RAM dump analysis space, windbg plus custom extensions might be the way forward for Windows RAM dump analysis in incident response and malware analysis.
I wish Matthieu all the best with his new business venture, and I look forward to seeing what other innovations are forthcoming from him at MoonSol.
email: david @ sharpesecurity.com
website: http://www.sharpesecurity.com/
Twitter: twitter.com/sharpesecurity