Memoryze 3.0 is out. It supports Windows 8 x86/x64 and Windows Server 2012. Output compatible with Redline. https://t.co/4y39MKD10v
— Jamie Butler (@jamierbutler) July 24, 2013
With Memoryze 3.0, the folks at Mandiant hit their mid-summer goal to roll out memory analysis support for Windows 8 (x86 and x64) and Server 2012 (x64). While support has not yet been rolled into Redline collector scripts, data collected by Memoryze can be loaded and analyzed in the Redline interface. This is no real surprise since Memoryze is the back-end collection and analysis tool that Redline relies upon.
You can dump Windows memory and process your memory image with the following commands (run MemoryDD.bat from a removable device and Process.bat on your forensic box):