Archives For May 2011
I am a big fan of Mandiant Memoryze for memory forensic analysis. With support for Windows systems from 2000 SP4 to 2008 R2 and ever-increasing features to flag potential evil, it is hands down the best free tool available for the job. Its only downside up to this point has been the steep learning curve required by the user interface. Enter Redline. Redline replaces AuditViewer as the front-end to Memoryze and truly brings memory analysis capability to the masses. What excites me most about this tool is that it dramatically lowers the bar for individuals trying to get started with memory forensics. Chalk one up for the good guys.