say3er, Posted August 4, 2012
ATC-NY announced on Friday a program called Mem Marshal that can give access to a lot of information straight from RAM. http://adpres.ro/programul-ce-poate-extrage-date-din-memoria-ram/
phreak, Posted August 4, 2012
I doubt it has 'direct' access to RAM; most likely it uses what the other 10000 applications that read process memory use, namely iterating memory pages + ReadProcessMemory from the WinAPI.
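The approach phreak describes, enumerating a process's memory regions and reading each one, as an added example that is not code from the post or from any tool named in the thread. It uses the Linux equivalents of the WinAPI calls (/proc/<pid>/maps for the region list in place of VirtualQueryEx, /proc/<pid>/mem in place of ReadProcessMemory) and, so that it runs offline, scans its own process for a marker string it plants itself; the function names and the marker are assumptions of the example. Reading another process this way requires ptrace permission over it.

```python
import os
import re

# One line of /proc/<pid>/maps: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>\S{4})\s+\S+\s+\S+\s+\S+\s*(?P<path>.*)$"
)


def readable_regions(pid):
    """Enumerate readable mappings: the Linux stand-in for walking VirtualQueryEx results."""
    regions = []
    with open(f"/proc/{pid}/maps") as maps:
        for line in maps:
            m = MAPS_LINE.match(line.rstrip("\n"))
            if m is None or m["perms"][0] != "r":
                continue  # PROT_NONE guard pages and other unreadable regions are skipped
            start, end, path = int(m["start"], 16), int(m["end"], 16), m["path"]
            if path.startswith("[vvar") or path == "[vsyscall]" or start >= 1 << 63:
                continue  # kernel-provided pages that /proc/<pid>/mem cannot serve
            regions.append((start, end, path))
    return regions


def read_region(mem_fd, start, end, chunk=1 << 20):
    """Copy one region out of /proc/<pid>/mem: the stand-in for ReadProcessMemory."""
    data = bytearray()
    offset = start
    while offset < end:
        try:
            buf = os.pread(mem_fd, min(chunk, end - offset), offset)
        except OSError:
            break  # e.g. a file mapping past EOF: keep what was readable so far
        if not buf:
            break
        data += buf
        offset += len(buf)
    return bytes(data)


def search_process_memory(pid, needle):
    """Return (address, mapping path) for each occurrence of needle in the target's readable memory.
    A match straddling two mappings is not found; a real scanner overlaps its windows."""
    hits = []
    mem_fd = os.open(f"/proc/{pid}/mem", os.O_RDONLY)
    try:
        for start, end, path in readable_regions(pid):
            data = read_region(mem_fd, start, end)
            idx = data.find(needle)
            while idx != -1:
                hits.append((start + idx, path))
                idx = data.find(needle, idx + 1)
    finally:
        os.close(mem_fd)
    return hits


def demo_self_search():
    """Plant a unique marker (constructed for the demo) in our own heap and find it by scanning ourselves."""
    marker = b"RST-MEM-MARKER-" + os.urandom(8).hex().encode()
    hits = search_process_memory(os.getpid(), marker)
    return marker, hits


if __name__ == "__main__":
    marker, hits = demo_self_search()
    for address, path in hits:
        print(f"{marker.decode()} at 0x{address:x} in {path or '[anon]'}")
```

The same loop pointed at another pid is what a process-memory dumper does; whether the kernel lets you open that pid's mem file (ptrace scope, same uid, CAP_SYS_PTRACE) is the whole difference between "reads process memory" and "reads RAM".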
Guest Kovalski, Posted August 4, 2012
^ shh, this one extracts directly from RAM.
SticKyWoX, Posted August 4, 2012
Awesome! Let the hacking begin! Do you realize how much we can do with programs like this? It has huge potential.
sicilianul, Posted August 4, 2012 (edited)
I think they made a mistake releasing it so freely. Forensic investigators have been using these for quite a while. Details make all the difference; official page: http://www.memmarshal.com/
Edited August 4, 2012 by sicilianul
Nytro, Posted August 4, 2012
cat /dev/mem > ~/dump.bin
Well, I've read that since 2.6 it no longer works quite that raw; it's restricted.
connected, Posted August 4, 2012
qiq.ws - PassMark OSForensics 1.1.1002 + patch (id505846, torrent)
EnCase Forensic 4.20 with manual & crack (http, ftp, download; torrent id107221)
Both claim to extract information from RAM. Good luck.
gh551, Posted August 4, 2012
EnCase Forensic is used by our organized-crime investigators.
Usr6, Posted August 5, 2012
@nytro: dd if=\\.\Device\PhysicalMemory of=memory.bin bs=4096
Acquisition dd
// I don't think it does anything beyond the tools that already exist, e.g. volatility:
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
Capabilities
The Volatility Framework currently provides the following extraction capabilities for memory samples:
- Image date and time
- Running processes
- Open network sockets
- Open network connections
- DLLs loaded for each process
- Open files for each process
- Open registry handles for each process
- A process' addressable memory
- OS kernel modules
- Mapping physical offsets to virtual addresses (strings to process)
- Virtual Address Descriptor information
- Scanning examples: processes, threads, sockets, connections, modules
- Extract executables from memory samples
- Transparently supports a variety of sample formats (i.e., Crash dump, Hibernation, DD)
- Automated conversion between formats
https://www.volatilesystems.com/default/volatility#overview
volatility - An advanced memory forensics framework - Google Project Hosting
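Two of the capabilities in the list above, scanning a raw image for in-memory executables and pulling strings out of it, in miniature. This is an added example, not code from Volatility or from the post. The sample image is constructed inline (zero filler with a planted minimal PE header, two decoy "MZ" markers and two strings); the MZ/PE field offsets are the documented PE layout, the function names are the example's own, and a real image needs far more validation than these sanity checks.

```python
import re
import struct

PAGE = 0x1000  # in-memory PE images start on a page boundary, so that is where "MZ" is looked for


def make_pe_header(machine, nsections, size_of_image):
    """Build the minimal DOS header + PE signature + COFF header + optional header a scanner checks."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)  # e_lfanew: the PE signature follows the DOS stub
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", machine, nsections, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)  # PE32+ optional header size
    struct.pack_into("<H", opt, 0, 0x20B)  # Magic: PE32+
    struct.pack_into("<I", opt, 56, size_of_image)  # SizeOfImage, offset 56 in both PE32 and PE32+
    return bytes(dos) + coff + bytes(opt)


def build_sample_image():
    """Constructed sample 'memory image' (not a real dump): zero filler with planted artifacts."""
    img = bytearray(8 * PAGE)
    img[0x100:0x100 + 11] = b"notepad.exe"  # an ASCII artifact
    secret = "C:\\Users\\victim\\secret.txt".encode("utf-16-le")
    img[0x1200:0x1200 + len(secret)] = secret  # a UTF-16LE artifact, as Windows stores paths
    img[0x0800:0x0802] = b"MZ"  # decoy: not page aligned, the scanner must ignore it
    img[0x3000:0x3002] = b"MZ"  # decoy: page aligned but with no PE signature behind it
    hdr = make_pe_header(machine=0x8664, nsections=3, size_of_image=0x3000)
    img[0x2000:0x2000 + len(hdr)] = hdr
    return bytes(img)


def scan_pe_images(image, page=PAGE):
    """Find page-aligned PE headers and return the fields a carver needs."""
    found = []
    for off in range(0, len(image) - 0x40, page):
        if image[off:off + 2] != b"MZ":
            continue
        e_lfanew = struct.unpack_from("<I", image, off + 0x3C)[0]
        pe = off + e_lfanew
        # sanity checks: the PE header sits in the first page and the COFF header fits in the image
        if e_lfanew > page - 24 or pe + 24 > len(image) or image[pe:pe + 4] != b"PE\0\0":
            continue
        machine, nsections = struct.unpack_from("<HH", image, pe + 4)
        opt_size = struct.unpack_from("<H", image, pe + 20)[0]
        magic = size_of_image = 0
        if opt_size >= 60 and pe + 24 + 60 <= len(image):
            magic = struct.unpack_from("<H", image, pe + 24)[0]
            size_of_image = struct.unpack_from("<I", image, pe + 24 + 56)[0]
        found.append({"offset": off, "machine": machine, "sections": nsections,
                      "pe32plus": magic == 0x20B, "size_of_image": size_of_image})
    return found


def carve_image(image, hit):
    """Cut SizeOfImage bytes from the hit, i.e. the module's in-memory layout (clipped at the image end)."""
    start = hit["offset"]
    return image[start:start + hit["size_of_image"]]


def find_strings(image, min_len=6):
    """Extract printable ASCII and UTF-16LE strings with their offsets."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    out = [(m.start(), m.group().decode("ascii")) for m in ascii_re.finditer(image)]
    out += [(m.start(), m.group().decode("utf-16-le")) for m in utf16_re.finditer(image)]
    return sorted(out)


if __name__ == "__main__":
    image = build_sample_image()
    for hit in scan_pe_images(image):
        print(f"PE image at 0x{hit['offset']:x}: machine=0x{hit['machine']:x} "
              f"sections={hit['sections']} PE32+={hit['pe32plus']} "
              f"carved={len(carve_image(image, hit))} bytes")
    for off, text in find_strings(image):
        print(f"0x{off:05x} {text}")
```

A carved blob is the image as it was mapped, not the file as it was on disk: section alignment differs and the import table has been resolved, which is why a carved module rarely runs as-is but still disassembles and matches YARA rules.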