say3er. Posted August 4, 2012

On Friday, ATC-NY announced a program called Mem Marshal that can allow access to more information directly from RAM.
http://adpres.ro/programul-ce-poate-extrage-date-din-memoria-ram/
phreak Posted August 4, 2012

I doubt it has 'direct' access to RAM; most likely it uses what the other 10000 applications that read process memory use, namely iterating memory pages + readprocessmemory from the WinAPI.
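Added example, not part of the thread and not Mem Marshal's code: a Linux analogue of the user-mode approach phreak describes (enumerate the mapped regions, then read them), using /proc/self/maps and /proc/self/mem in place of the WinAPI calls. The sample maps text is constructed, and the scan covers only the process's own virtual memory, not physical RAM.

```python
import re

# One line of /proc/<pid>/maps: "start-end perms offset dev inode [path]"
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) \S+ \S+ \S+\s*(.*)$")

# Constructed sample input for parse_maps (not captured from a real system).
SAMPLE_MAPS = (
    "00400000-0040b000 r-xp 00000000 08:01 1234       /bin/cat\n"
    "7ffd1000-7ffd3000 r--p 00000000 00:00 0          [vvar]\n"
)

def parse_maps(text):
    """Return (start, end, perms, name) for each mapped region."""
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line)
        if m:
            regions.append((int(m.group(1), 16), int(m.group(2), 16),
                            m.group(3), m.group(4)))
    return regions

def scan_self(needle, max_region=64 * 1024 * 1024):
    """Walk this process's readable regions and return the virtual
    addresses where `needle` occurs. The OS only exposes the process's
    own address space here, never raw physical memory."""
    hits = []
    with open("/proc/self/maps") as f:
        regions = parse_maps(f.read())
    with open("/proc/self/mem", "rb", buffering=0) as mem:
        for start, end, perms, _name in regions:
            if "r" not in perms or end - start > max_region:
                continue
            try:
                mem.seek(start)
                data = mem.read(end - start)
            except (OSError, ValueError, OverflowError):
                continue  # e.g. [vvar]/[vsyscall]: listed but not readable
            pos = data.find(needle)
            while pos != -1:
                hits.append(start + pos)
                pos = data.find(needle, pos + 1)
    return hits
```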
Guest Kovalski Posted August 4, 2012

^ shh, this one extracts directly from RAM
SticKyWoX Posted August 4, 2012

Awesome! Let the hacking begin!
Do you realize how much we can do with programs like this?
It has huge potential.
sicilianul Posted August 4, 2012 (edited August 4, 2012 by sicilianul)

I think they made a mistake releasing it so freely. Forensic investigators have been using these for quite a while.
The details make all the difference; official page: http://www.memmarshal.com/
Nytro Posted August 4, 2012

cat /dev/mem > ~/dump.bin
Well, I've read that since 2.6 it no longer works quite that raw; it's restricted.
connected Posted August 4, 2012

qiq.ws - PassMark OSForensics 1.1.1002 + patch id505846
EnCase Forensic 4.20 With Manual & Crack id107221
Both support extracting information from RAM. Good luck.
gh551 Posted August 4, 2012

EnCase Forensic is used by the organized crime people over here.
Usr6 Posted August 5, 2012

@nytro: dd if=\\.\Device\PhysicalMemory of=memory.bin bs=4096
Acquisition dd

// I don't think it does anything beyond the tools that already exist, e.g. Volatility:

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.

Capabilities

The Volatility Framework currently provides the following extraction capabilities for memory samples:

- Image date and time
- Running processes
- Open network sockets
- Open network connections
- DLLs loaded for each process
- Open files for each process
- Open registry handles for each process
- A process' addressable memory
- OS kernel modules
- Mapping physical offsets to virtual addresses (strings to process)
- Virtual Address Descriptor information
- Scanning examples: processes, threads, sockets, connections, modules
- Extract executables from memory samples
- Transparently supports a variety of sample formats (ie, Crash dump, Hibernation, DD)
- Automated conversion between formats

https://www.volatilesystems.com/default/volatility#overview
volatility - An advanced memory forensics framework - Google Project Hosting