« May 2006 | Main | July 2006 »

Memory analysis

Reconstructing a Binary (3)

As it has been shown in two earlier posts it definitely is possible to reconstruct a program file from a full memory dump. However there's no guarantee the file will run properly. I'm going to explain the reason in this article.

(more...)

By Andreas Schuster at 06/11/2006, 07:55 PM |

Memory analysis

DFRWS 2006 Paper

I'm excited to announce that my paper for DFRWS 2006 has been accepted. It is entitled Searching for Processes and Threads in Microsoft Windows Memory Dumps.

(more...)

By Andreas Schuster at 06/05/2006, 05:10 PM |